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Foreword 


Dr.  Graham  Turbiville’s  monograph  on  insurgent  counterintelligence 
approaches  one  facet  of  an  insurgency  and  continues  his  research 
writings  on  the  functions  of  insurgent  organizations  he  started 
with  in  his  2005  JSOU  Press  monograph  on  insurgent  logistics.  A  key  issue 
underpinning  this  current  volume  is  the  complex  relationship  between  state 
and  nonstate  actors.  The  nonstate  actors  are  organizations  with  structures 
and  personnel;  albeit  that  these  structures  vary  considerably  in  complexity 
from  group  to  group.  Insurgent  groups  have  goals  that  require  a  strategy  and 
operational  planning  to  achieve.  Consequently,  the  groups  need  to  secure 
their  operations  to  ensure  effectiveness;  they  also  need  to  provide  security 
because  the  operations  entail  securing  the  organization  and  its  personnel 
from  government  counterinsurgency  operations.  Ultimately,  this  leads  groups 
to  develop  some  form  of  counterintelligence  rules  and  structure  to  provide 
security.  In  small  groups  this  may  be  limited  to  security-focused  rules  of 
conduct  and  operational  security,  but  as  groups  grow  in  size  and  complexity, 
the  need  for  a  more  formal  type  of  organizational  structure  increases  and  a 
more  robust  security  organization  will  be  needed. 

Dr.  Turbiville  does  an  excellent  job  of  highlighting  the  critical  element 
of  security  and  how  insurgent  groups  ignore  it  at  their  peril.  Another  effec¬ 
tive  analysis  is  his  discussion  of  trends  and  similarities  that  can  be  observed 
across  geographical,  historical,  and  cultural  boundaries.  In  other  words,  all 
insurgent  groups  must  provide  for  some  form  of  security  and  understanding; 
this  provides  a  useful  prism  with  which  to  analyze  various  groups.  Piercing  a 
group’s  intelligence  capabilities  can  be  critical  in  undermining  its  operations. 
As  a  word  of  caution,  insurgents  can  do  the  same  thing  to  governments.  Dr. 
Turbiville  persuasively  argues  Michael  Collins’  targeting  of  British  intel¬ 
ligence  organizations  seriously  undermined  British  security  force’s  resolve 
in  Irish  counterinsurgency  operations  in  the  early  20th  century. 

This  tit-for-tat  threat  and  counterthreat  also  applies  to  the  concept  of 
infiltration,  the  greatest  threat  to  an  insurgent  group.  Shielding  itself  from 
government  infiltration  or  penetration  is  a  critical  element  in  ensuring 
an  insurgent  group’s  freedom  of  operation.  Ultimately,  this  requires  the 
population  to  either  actively  support  or  passively  tolerate  the  insurgents. 
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Consequently,  the  population’s  loyalty,  a  fundamental  tenet  of  irregular 
warfare,  is  the  objective  of  both  sides  fighting  in  an  insurgency. 

Violence  will  be  part  of  any  insurgency  or  irregular-warfare  campaign. 
The  fundamental  question  is  whether  the  use  of  violence  or,  more  importantly, 
how  violence  is  used  will  affect  winning  or  losing  the  population’s  loyalty. 
This  factor  applies  to  both  sides  in  the  conflict.  Excessive  force  can  drive  a 
wedge  between  the  population  and  the  operational  forces,  be  they  govern¬ 
ment  or  insurgent.  However,  retribution  by  security  forces  to  an  insurgent 
attack  or  operation  can  often  play  into  the  hands  of  the  insurgents.  This  is 
particularly  true  when  the  security  forces  are  viewed  by  the  population  as 
an  “external”  force.  Once  again,  the  local  population  decides  who  or  what 
is  an  external  force.  In  the  case  of  Ireland,  the  British  believed  they  were  the 
local  government,  but  the  locals  came  to  view  them  as  occupiers. 

This  monograph  has  significant  implications  for  U.S.  Special  Operations 
Forces  as  we  continue  to  operate  in  both  combat  and  noncombat  zones 
against  groups  desiring  to  overthrow  existing  governments.  We  must  take 
into  account  the  insurgent  organization’s  plans  and  operations,  but  to  do 
so  will  require  us  and  our  local  hosts  to  overcome  the  insurgent  or  terror¬ 
ist  group’s  internal  security  processes  while  protecting  our  operations  and 
organizations  from  insurgent  infiltration. 

Michael  C.  McMahon,  Lt  Col,  USAF 
Director,  JSOU  Strategic  Studies  Department 
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Guerrilla  Counterintelligence 

Insurgent  Approaches  to  Neutralizing 
Adversary  Intelligence  Operations 


Successful  insurgent  leaders  have  identified  effective  counterintel¬ 
ligence  planning,  tradecraff,  and  implementation  as  essential  for 
the  continued  survival  of  insurgent  groups  and  for  their  eventual 
development  and  advancement.  Typically  threatened  at  every  turn  by  more 
numerous  and  robust  government  means,  resourceful  guerrilla  counterintel¬ 
ligence  cells  in  every  area  of  the  world  have  sought  to  devise  approaches  and 
actions  that  neutralized  the  intelligence  organizations  and  activities  arrayed 
against  them.1  It  has  been  a  prerequisite  for  carrying  out  the  organization, 
concealment,  recruiting,  arming,  financing,  planning,  and  execution  of 
operations  by  dissident  armed  groups. 

All  insurgent  groups — incorporating  variations  in  concept  and  nuance — 
recognize  the  need  to  protect  their  forces  from  the  hostile  action  of  enemy 
intelligence  initiatives  and  to  degrade  the  intelligence  and  security  compo¬ 
nents  facing  them.2  As  a  consequence,  insurgent  counterintelligence — like 
its  government  counterparts — has  both  defensive  and  offensive  components 
that  range  from  the  most  passive  security  measures  and  admonitions  for 
exercising  discretion,  to  aggressive  direct  actions  targeted  against  enemy 
intelligence  personnel  and  resources.3  While  addressed  to  some  extent  in 
the  literature  of  intelligence  and  counterinsurgency,  attention  to  insurgent 
counterintelligence  thought  and  practices  has  been  less  focused  than  for 
other  associated  issues. 

This  monograph  addresses  dimensions  of  insurgent  counterintelligence 
(Cl)  with  the  aim  of  illuminating  the  Cl  perspectives,  operational  approaches, 
and  innovations  that  have  characterized  diverse  guerrilla  or  other  armed 
groups  operating  in  hostile  environments  around  the  world.  Focusing 
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primarily  on  the  human  intelligence  aspects,  it  will  examine  historical  and 
current  approaches  by  guerrilla  and  terrorist  groups  in  order  to: 

a.  Understand  how  government/coalition  adversaries  operate  and  seek 
information  about  insurgent  activity 

b.  Counter  government  intelligence  collection  initiatives  with  defensive 
measures 

c.  Carry  out  direct  actions  to  disrupt  government  intelligence  and  opera¬ 
tional  initiatives 

d.  Identify  common  and  unique  approaches,  tradecraft,  and  techniques 
employed 

e.  Address  the  important  ways  in  which  guerrilla  Cl  forms  a  part  of 
insurgent  planning  and  operations. 

This  focus  includes,  as  backdrop,  a  brief  look  first  at  the  innovation  and 
universality  of  “counterintelligence”  as  practiced  in  irregular  organizations 
as  different  as  ancient  tribal  structures  and  modern  dissident  or  crimi¬ 
nal  groupings.  The  awareness,  studied  reactions,  aggressive  responses,  and 
effectiveness  of  “counterintelligence”  by  these  groupings  have  been  more 
widespread  than  generally  supposed  and  roughly  analogous  to  contempo¬ 
rary  insurgent  Cl  requirements.  Collectively,  they  underscore  that  effec¬ 
tive  security  countermeasures  are  not  just  the  provenance  of  modern  state 
militaries  and  security  organizations,  and  may  often  be  underestimated. 
The  monograph  then  focuses  on  some  examples  of  insurgent  Cl  “theory”  or 
precepts  as  articulated  by  guerrilla  leaders,  intelligence  chiefs,  and  practi¬ 
tioners;  discusses  the  ways  in  which  insurgencies  have  applied  Cl  measures 
in  defensive  and  offensive  ways;  and  provides  some  conclusions  about  the 
practices,  successes,  and  failures  of  guerrilla  Cl  overall.  Initially,  the  open¬ 
ing  section  addresses  some  old  and  new  illustrations  evocative  of  the  folk 
wisdom  that  concludes  “it  is  a  double  pleasure  to  deceive  the  deceivers,”  a 
thought  that  has  many  antecedents  and  heirs.4 


Some  Precursors  and  Analogs 

If  intelligence,  in  the  tired  old  joke,  is  considered  to  be  the  “world’s  second 
oldest  profession,”  then  Cl  likely  appeared  first  among  its  several  compo¬ 
nents.  This  prospect  applies  to  ancient  tribal  confederations  and  loosely 
organized  or  irregular  groups  of  all  types  where  some  threat  influences  their 
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interests.  Organized  efforts  to  deny  adversaries  knowledge  of  one’s  activi¬ 
ties  and  goals,  while  also  damaging  or  distorting  the  means  and  ability  of 
competitors,  date  to  at  least  3,000  years  in  the  distant  past  and  appear  to  be 
a  fundamental  part  of  human  interaction.  Concepts  and  practices  developed 
to  achieve  such  goals  have  not  been  confined  to  military  and  political  endeav¬ 
ors  alone.  They  also  apply  to  many  other  forms  of  organized  human  activ¬ 
ity  including  economic 


. . .  even  the  most  primitive  political  and  social 
organizations  had  developed  approaches  to 
protect  their  plans,  assets,  and  activities,  while 
also  degrading  the  information-gathering  and 
assessments  of  enemies. 


and  criminal.  Literature 
and  history  are  replete 
with  examples  suggest¬ 
ing  that  even  the  most 
primitive  political  and 
social  organizations 

had  developed  approaches  to  protect  their  plans,  assets,  and  activities,  while 
also  degrading  the  information-gathering  and  assessments  of  enemies.5  As 
a  consequence,  it  is  fair  to  say  that  “counterintelligence,”  as  understood  and 
executed  today,  has  been  preceded  by  many  centuries  of  similar  practice 
and  has  often  anticipated — and  in  some  case  informed — the  most  modern 
concepts,  application,  and  fieldcraft.  Neither  differentials  in  modernization 
and  technology  nor  standardized  and  carefully  ordered  political  structures 
have  necessarily  been  determinants  of  successful  efforts  to  counter  “intel¬ 
ligence”  threats. 

Practitioners  whose  Cl  efforts  have  been  characterized  by  structure, 
training,  and  an  array  of  “tactics,  techniques,  and  procedures”  encompass 
a  number  of  ancient,  pre-state,  and  tribal  entities.  They  have  included  (and 
include)  radical,  extremist,  and  issue-oriented  groups  willing  to  use  vio¬ 
lence.  Among  these  are  anarchists  of  various  stripes  with  global  agendas 
(e.g.,  free  trade),  fringe  environmental  groups,  and  public/social  policy  pro¬ 
testers  whose  passions  have  crossed  into  criminal  or  terrorist  activities. 
International  criminal  gangs  and  various  ethnic  “mafias”  are  prominent 
practitioners,  while  law  enforcement  has  been  increasingly  confronted  with 
prison  and  domestic  street  gangs  that  are  race-  or  nationality-based  and 
determined  to  counter  the  focused  police  targeting  on  which  they  soon 
become  expert.  With  few  exceptions,  these  kinds  of  irregular  groups  and 
organizations  have  paid  the  closest  attention  to  Cl-type  measures  to  protect 
their  existence,  advance  their  operational  freedom,  and  damage  central 
and  local  government  bodies  attempting  to  dismantle  or  control  them.  A 
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brief  look  at  a  few  illustrative  precedents  provides  some  backdrop  for  con¬ 
temporary  practices.  But  most  importantly,  it  also  underscores  the  old  and 
continuing  dangers  of  underestimating  the  level  of  careful  consideration, 
innovation,  and  effectiveness  that  even  the  most  ancient  and  unsophisticated 
organizations  have  possessed. 

Biblical  passages  are  replete  with  accounts  of  military  and  political 
deception  and  stratagems.  Classical  strategists  like  the  6th  century  BC’s 
Sun  Tzu  offered  numerous  ideas  on  espionage  and  counterintelligence-like 
precepts  for  the  wise  leader  to  follow.6  Scholars  of  the  ancient  world  have 
found  considerable  detail  available,  as  well,  from  early  tracts  that  illustrate 
how  concerns  about  enemy  spying  were  transformed  into  organizational 
systems  designed  to  deny  information  and  eliminate  enemy  informers  and 
spies.7  Intelligence-gathering  agents,  reliance  of  a  supportive  population  to 
tell  of  anything  suspicious,  detention,  interrogation,  and  confirmation  of 
information  were  all  well  established. 

For  example,  in  what  is  now  Iraq,  cuneiform  tablets  from  the  8th  century 
BC  describe  a  neo -Assyrian  Cl  effort  to  catch  and  interrogate  a  spy  sent 


Iraqi  women  walk  past  a  wall  panel  from  the  palace  of  Assyrian  ruler  Sargon  II, 
who  2,700  years  ago  relied  upon  an  elaborate  intelligence/counterintelli¬ 
gence  network  in  what  is  now  Iraq.  The  panel  is  located  in  the  Iraqi  National 
Museum.  AFP  photo,  used  by  permission  of  Newscom. 
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by  the  leader  of  a  tribal  kingdom,  near  the  mouth  of  the  Euphrates  River, 
which  had  conquered  Babylon  and  dominated  Babylonia.  After  arriving 
at  the  city  he  was  to  spy  on,  the  agent’s  accent  revealed  to  local  tribesmen 
that  he  was  not  who  he  claimed  to  be.  The  information  was  transmitted  to 
a  node  on  the  distributed  neo -Assyrian  intelligence  network,  the  spy  was 
captured  and  interrogated,  and  in  time  revealed  important  information  on 
the  identities  and  locations  of  those  who  had  sent  him.  Suspicions  being  at 
least  as  great  then  as  now,  the  Assyrians  sent  their  own  agents  to  confirm 
what  they  had  been  told.8  An  instructive  and  intricate  diagram  of  a  neo- 
Assyrian  HUMINT  (human  intelligence)  network  running  from  remote 
territories  to  King  Sargon  II  has  been  derived  from  cuneiform  tablets,  a 
system  that  would  gratify  far  more  recent  practitioners.9 

In  sharp  contrast  to  ancient  Assyrians,  but  nevertheless  illustrative  of 
organized  Cl  efforts,  are  the  security  concerns  of  modern  radical  groups 
of  all  types — for  example,  militant  anarchist  groups,  radical  animal  rights 
organizations,  militant  environmentalists,  and  confrontational  anti-glo- 
balists.  These  groups  continue  efforts  to  mobilize  themselves  for  protecting 
their  activities  from  police  and  other  security  services,  as  they  have  from  the 
1960s  when  they  began  to  proliferate.  Many  of  them  believe  that  this  protec¬ 
tion  is  increasingly  important  in  a  security-centric  post-9/11  environment 
where  law  enforcement  watchfulness  is  greater  and  tolerance  for  unusual 
activity  less.  This  effort  has  been  accompanied  by  the  production  of  many 
internal  security  tracts  and  other  disseminated  advice.  A  good  example  is 
Security  Culture:  A  Handbook  for  Activists,  which  has  appeared  in  many 
print  and  digital  forums  in  several  editions.  It  was  assembled  primarily  by 
the  Earth  Liberation  Front,  but  is  clearly  the  work  of  multiple  contributors 
and  drawn  from  other  publications.10  It  was  billed  for  users  “associated  with 
groups  advocating  or  using  economic  disruption  or  sabotage,  theft,  arson, 
self  defence  from  police  or  more  militant  tactics.” 11 

Numerous  other  works,  old  and  new,  are  found  on  various  activist  sites 
and  address  similar  topics  for  the  same  audiences.12  Among  other  things, 
the  material: 

a.  Calls  for  overall,  disciplined  operations  security  (OPSEC),  to  include 
limited  access  to  planning  by  members  who  have  no  need  to  know, 
strictures  against  careless  speech,  and  the  need  for  vigilance. 
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b.  Cites  the  need  for  background  checks  and  vetting  among  new 
activists. 

c.  Offers  insights  on  the  various  types  of  informers  and  infiltrators  that 
might  appear,  how  to  identify  them,  and  how  to  deal  with  them. 

d.  Presents  primers  or  overviews  on  local  and  national  law  enforcement 
and  how  they  conduct  themselves. 

e.  Cites  historic  and  more  recent  examples  of  ways  in  which  law  enforce¬ 
ment  and  intelligence  agencies  successfully  target  or  disorganize 
activist  groups  through  coercion,  arrest,  and  disinformation. 

f.  Puts  forward  imperatives  to  counter  presumed  federal,  state,  and  local 
government  “COIN”  models  of  “repression.” 

g.  Describes  the  best  way  to  conduct  oneself  if  arrested  and  questioned 
as  well  as  what  to  do  during  searches  of  a  residence. 

h.  Suggests  ways  to  identify  and  avoid  surveillance  cameras  in  areas  of 
planned  activity. 

i.  Cautions  about  the  use  and  dangers  of  communications  means  to 
avoid  police/intelligence  compromise. 

j.  Sets  out  a  variety  of  tradecraft  tips,  including  instructions  on  how  to 
avoid  leaving  clues  and  identifying  evidence  during  direct  actions. 

The  phenomenon  of  international  criminal  street  gangs  has  been  around 
for  a  while,  but  has  become  far  more  visible  and  developed  in  the  last  two 
decades.  These  gangs  have  taken  many  forms,  with  outlaw  motorcycle  and 
prison  gangs  among  the  most  prominent  of  those  having  origins  in  the  United 


Counting  arson 
among  its  illegal 
activities,  and 
tracked  by  law 
enforcement,  the 
Earth  Liberation 
Front  has  given 
substantial  attention 
to  "counterintel¬ 
ligence"  techniques 
and  considerations. 
Zuma  photo,  used 
by  permission  of 
Newscom. 
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States.  Often  racially  or  ethnically  based,  the  growing  activities  and  sophis¬ 
tication  of  criminal  enterprises — for  example,  the  Bandidos,  Hell’s  Angels, 
Outlaws,  Bario  Azteca,  Aryan  Brotherhood,  Mexican  Mafia,  Latin  Lords,  and 
MS-13  (and  various  Mara  Salvatrucha  variants) — have  generated  a  far  larger 
and  focused  “gang  intelligence”  effort  among  law  enforcement  nationwide. 
A  common  trend  among  these  gangs,  however,  is  a  greater  Cl  effort  as  they 
have  tracked  the  threats  to  their  existence  posed  by  compromise,  arrest,  and 
dismantlement.  These  gang-initiated  measures  have  included  greater  internal 
security  among  their  often  unpredictable  members  and  rules  of  conduct  that 
incorporate  security  awareness.  Not  satisfied  with  protective  measures,  more 
aggressive  countermeasures  have  been  instituted  as  well. 

A  case  in  point  is  the  50-year-old  Bandido  Motorcycle  Gang,  centered  in 
Texas  but  with  dozens  of  U.S.  chapters  and  some  overseas  as  well.  A  violent 
organization  given  to  blood  feuds  with  rivals,  they  are  involved  with  numer¬ 
ous  kinds  of  criminality  including  drug  trafficking,  fraud,  contract  murder, 
prostitution,  and  other  activities.  To  control  their  criminal  enterprise  and 
to  protect  their  interests,  the  Bandidos  have  developed  codes  of  conduct 
and  a  defined  structure  present  from  their  national  “headquarters”  to  local 
chapters.  Rules  of  conduct — embedded  in  formal  bylaws  and  policies — are 
intended  to  reduce  security  dangers. 

Along  with  strictures — for  example,  against  lying,  stealing,  engaging  in 
some  of  the  more  pernicious  forms  of  illegal  drug  use  (“if  it  doesn’t  grow, 
don’t  blow”),  paying  dues,  and  keeping  bikes  in  good  working  order — a 
phased  system  of  carefully  vetting  new  members  governs  the  extremely  sen¬ 
sitive  process  of  slowly  integrating  someone  into  the  group  who  might  just 
betray  them.  Full  Bandido  members  or  full  chapters  recommend  a  pledge, 
and  typically  an  aspiring  member  will  go  through  periods  from  “hang- 
around”  status,  to  formal  probationary  prospect,  to  full  member  requir¬ 
ing  acquiescence  by  100  percent  of  the  chapter  membership.  Prospects  and 
hang-arounds  undergo  background  checks  and  are  closely  scrutinized  for 
police  associations.13 

Along  with  elected  officers  (including  a  president,  vice  president,  and 
secretary-treasurer),  the  Bandidos  established  appointed  national  and 
chapter  sergeants-at-arms — called  s ergentos  de  armas — with  a  nod  to  the 
organizational  name  and  a  constituency  that  includes  Anglo  and  Hispanic 
members.  The  s ergentos  de  armas  are  responsible  for  intelligence  (including 
Cl),  enforcement,  and  special  expertise.  Overall,  these  sergentos  de  armas, 
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one  to  three  per  chapter,  conduct  a  range  of  Cl  activities  to  frustrate  law 
enforcement  efforts  through  coercion,  false  reporting,  recruiting,  bribery, 
and  surveillance/countersurveillance. 

While  most  chapters  are  associated  with  specific  locations,  a  so-called 
“Nomad  Chapter”  is  made  up  of  long-term,  trusted  members  who  are 
responsible  for  security,  Cl,  and  organizational  issues.  Among  other  tasks, 
the  chapter  compiles  information  and  files  on  law  enforcement  as  well  as 
on  rival  gangs — a  circumstance  that  is  paralleled  by  some  insurgencies  too, 
where  other  hostile  movements  may  constitute  threats  as  serious  as  the 
police  and  security  forces.14  Law  enforcement  has  identified  the  following 
specific  activities  of  Bandido  intelligence/CI: 

a.  Corruption  of  public  officials  through  bribery  and  coercion  to  further 
criminal  endeavors 

b.  Coercion  of  law  enforcement  with  direct  violence  and  threats 

c.  Exploitation  of  law  enforcement  as  intelligence  sources 

d.  Focused  countersurveillance  of  police  to  include  videotaping 

e.  Mobilization  of  police  Internal  Affairs  against  officers  (using  selected 
measures — e.g.,  video/audio  clips  and  proliferating  false  reports) 

f.  Induction  of  members  (sometimes  acquired  from  the  many  Bandido 
“support  group”  clubs)  whose  lack  of  criminal  history  allows  the 
presentation  of  a  “clean”  face  in  pursuing  their  interests. 

The  Bandidos  made  it  an  imperative  a  few  years  ago  for  chapters  to  use 
technology,  as  incongruous  as  it  may  seem.  Some  chapter  personnel  have 
joined  the  culture  of  computers,  Internet  homepages,  “social  networking” 
sites,  cell  phones,  and  fax  machines;  it  is  also  a  rule  that  every  Bandido 
chapter  have  an  e-mail  address.  (The  Heart  of  Texas  Bandido  Motorcycle 
Club  Chapter  homepage,  for  example,  may  be  seen  at  www.bandidosmc. 
com/).  The  extent  to  which  computer  encryption  and  other  such  innovations 
are  used  has  not  become  publicly  known,  but  the  embrace  of  communica¬ 
tions  technology,  cameras,  and  the  seizure  of  computers  and  hard  drives 
in  raids  as  cyber-forensic  evidence  suggests  that  it  is  a  law-enforcement 
expectation. 

Overall,  a  wide  range  of  ancient  societies  and  even  the  most  loosely 
organized  irregular  in  modern  times  groups  have  made  efforts  to  system¬ 
atize  and  apply  associated  techniques  that  might  fall  under  the  rubric  of 
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counterintelligence.  If  lacking  the  levels  of  sophistication,  nuance,  and 
technology  of  some  modern  insurgencies  and  modern  state  security  estab¬ 
lishments,  they  are  not  so  different  that  they  are  unrecognizable.  In  many 
cases,  such  approaches  have  been  successful  and  advanced  the  interests 
of  the  groups  that  developed  and  applied  them.  This  reminder  of  a  long, 
universal  history  provides  a  good  backdrop  for  addressing  the  deeper  and 
more  focused  counterintelligence  thinking  of  insurgent  groups  whose  for¬ 
mulations  sometimes  approach  what  could  be  called  “theory.” 

Insurgent  Counterintelligence  "Theory" 

Just  as  there  are  classic  military  authors  from  ancient  and  more  modern 
times  who  have  captured  and  synthesized  enduring  strategic,  operational, 
and  tactical  insights  for  warfare  generally,  there  is  a  far  more  limited  but 
sometimes  quite  perceptive  group  of  Cl  practitioners  and  theorists.  Over 
decades  they  have  attempted  to  set  out  some  basic  precepts  for  what  they 
understood  to  be  the  critically  important  subject  of  insurgent  counterintel¬ 
ligence  and  security. 

To  perhaps  a  greater  extent  than  conventional  military  operations,  the 
world  that  guerrillas  consider  is  filled  with  innumerable  real,  imminent 
threats,  as  well  as  an  imperative  to  continuously  imagine  others.  Their  expe¬ 
rience  universally  indicated  that  enemies  are  found  at  every  quarter,  surprise 
is  frequent  and  should  be  expected,  and  even  the  smallest  mistake  and 
inattention  could  prove  fatal  to  individuals  or  disastrous  to  the  movement 
itself.  Central  Intelligence  Agency  (CIA)  officer  Carlos  Revillo  Arango,  in 
an  instructive  article  entitled  “Insurgent  Counterintelligence,”  categorized 
the  range  of  threats  faced  by  the  guerrilla  to  include: 

a.  Government  security  forces  and  targeted  actions  of  all  types 

b.  Competing  armed  or  dissident  groups  who  might  enjoy  advantage 
from  the  defeat  or  compromise  of  a  rival 

c.  Third-country  parties  whose  unilateral  actions  might  damage  or 
restrict  insurgent  operations 

d.  Betrayal — deserters,  collaborators,  and  informers  from  within  the 
group  who  may  act  out  of  jealousies,  perceived  slights,  coercion,  or 
profit — and  because  of  their  special  knowledge  can  generate  devas¬ 
tating  damage 


9 


JSOU  Report  09-1 


e.  Chance  occurrences  to  include  carelessness,  unrelated  changes  in 
government  routine  (e.g.,  curfews,  identifications,  and  checks),  and 
even  natural  disasters.15 

Insurgents  who  were  successful — or  at  least  survived  to  record  their 
views — often  lived  in  a  world  where  threats  like  these  proliferated,  and  they 
were  hunted  constantly.  Betrayal  was  a  daily  potential,  and  developing  a  sense 
of  near  paranoia  often  constituted  wisdom.  Despite  advances  in  technology 
that  put  insurgents  at  greater  risk  from  the  pre-World  War  II  period  to  date, 
the  greatest  danger  has  remained  the  “turned”  insider.  George  Orwell’s 
novel,  1984,  which  painted  a  picture  of  the  complete  “counterintelligence 
state,”  captured  in  a  bit  of  doggerel  the  milieu  of  both  the  novel’s  imagined 
dissident  citizen  and  real-life  guerrillas  with 
“under  the  spreading  Chestnut  tree,  I  sold  you 
and  you  sold  me.” 16  The  concern  is  reflected  in 
most  insurgent  counterespionage  writings  that 
follow.  The  observations  of  the  men  below — 
whose  backgrounds,  cultures,  and  ideologies 
were  quite  different — have  a  decided  practical  bent  and  some  commonalities. 
The  formulations  may  not  always  reflect  the  level  of  scholarship  associated 
with  “theory”  in  the  grander  sense,  and  certainly  not  in  an  abstract  sense, 
but  they  do  meet  the  criteria  of  being  generalized  and  based  on  observa¬ 
tion,  trial  and  error,  and  reasoned  consideration.  Certainly,  one  example 
of  theory  that  has  some  resonance  for  the  topic  at  hand  is  “they  killed  him 
on  the  theory  that  dead  men  tell  no  tales,”  a  proposition  in  which  guerrilla 
Cl  practitioners  appear  to  have  universal  belief.17 

Alberto  Bayo:  Cuba  and  Counterintelligence  Lessons  from  Three  Decades 

To  begin  a  look  at  some  notable,  illustrative  proponents  for  the  importance 
of  guerrilla  Cl,  Alberto  Bayo  stands  as  an  instructive  figure.  Bayo  was  a  sto¬ 
ried  and  colorful  figure  in  the  Cuban  Revolution  that  brought  Fidel  Castro 
to  power.  CIA  officer  Arango  noted  Bayo’s  view  that  “a  counterintelligence 
agent  was  of  greater  value  than  50  machine  guns:  he  could  work  among  the 
security  forces  and  keep  one  advised  of  all  their  intelligence  and  plans,”  and 
Bayo  developed  this  view  through  several  decades  of  experience. 


Betrayal  was  a  daily 
potential ,  and  developing 
a  sense  of  near  paranoia 
often  constituted  wisdom. 


10 


Turbiville:  Guerrilla  Counterintelligence 


"General"  Alberto  Bayo,  the 
Spanish  Civil  War  veteran 
and  unconventional  warfare 
specialist  whose  experience 
fighting  the  Riffs  helped  for¬ 
mulate  his  ideas  of  guerrilla 
warfare,  emphasized  counter¬ 
intelligence  issues  when  he 
trained  Fidel  Castro's  aspiring 
guerrillas  in  Mexico  prior  to 
their  infiltration  into  Cuba. 

Used  by  permission  of 
Paladin  Press. 


A  Spaniard — born  in  1892  in  Cuba  as  the  son  of  a  Spanish  colonel  sta¬ 
tioned  there — Bayo  became  an  officer  in  the  Spanish  Army.  He  had  a  vari¬ 
ety  of  assignments,  serving  as  a  combat  pilot  in  missions  against  Moorish 
rebels  in  North  Africa  under  Riff  leader  Abd-El-Krim.  He  was  later  trans¬ 
ferred  to  the  Spanish  Foreign  Legion  as  a  company  commander  where  he 
fought  the  Riffs  in  Morocco,  learning  the  basics  of  guerrilla  warfare  as 
practiced  by  these  Berber  fighters  and  becoming  an  enthusiast  for  irregular 
operations.18 

Bayo  sided  with  the  Republican  cause  in  the  Spanish  Civil  War — a 
catalyst  for  many  special  operations  and  irregular  warfare  developments 
in  World  War  II  and  the  Cold  War  period.19  His  most  notable  Civil  War 
achievement  was  the  temporary  seizing  of  the  Spanish  island  of  Majorca, 
which  his  command  held  briefly  before  withdrawing.  He  was  a  tireless  pro¬ 
ponent  for  guerrilla  warfare  as  a  greater  Republican  tool,  wrote  on  the  topic, 
and  before  the  end  of  the  conflict  did  establish  a  guerrilla  warfare  school  at 
Barcelona.  But  the  Republicans  lost  soon  after,  and  Bayo  began  an  expatriate 
life,  first  in  Cuba  and  then  Mexico.  He  taught  at  a  Mexican  military  avia¬ 
tion  school,  wrote,  and  involved  himself  in  Latin  American  revolutionary 
activity.  His  title  of  “General” — retained  with  the  acquiescence  of  colleagues 
for  the  rest  of  his  life — was  apparently  given  to  him  in  the  late  1940s  by  a 
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group  of  Costa  Rican-based  Nicaraguan  exiles  he  trained  for  an  unrealized 
assault  on  the  Somoza  regime. 

It  was  in  Mexico  that  Fidel  Castro  and  his  small  group  of  aspiring  gueril¬ 
las,  including  Ernesto  Che  Guevara,  sought  out  Bayo  and  proposed  that  he 
train  their  group  for  a  future  attack  on  the  Batista  regime  in  Cuba.  Castro 
had  been  familiar  with  some  of  Bayo’s  guerrilla  warfare  writings  and  thought 
he  would  be  a  good  choice  to  turn  untrained  enthusiasts  into  real  insur¬ 
gent  fighters.  The  64-year-old  Bayo  agreed  and  undertook  an  increasingly 
intense  training  program  for  the  group,  first  in  tactics  and  techniques  and 
then  renting  a  Mexican  ranch  not  far  from  Mexico  City  for  serious  physical 
conditioning,  real  field  work,  and  practical  training.  The  group’s  perfor¬ 
mance  satisfied  Bayo — particularly  that  of  his  “favorite”  student  Che — but 
near  its  end  the  training  was  punctuated  by  an  excellent  Cl  lesson  in  the 
consequences  of  the  unexpected — that  is,  Mexican  police  pursuing  thieves 
stopped  Castro  and  two  others. 

When  the  Mexican  police  discovered  that  the  thieves’  car  was  loaded 
with  weapons,  they  quickly  moved  to  the  ranch  and  arrested  Castro  and 
23  men  for  three  weeks.  They  also  confiscated  all  weapons.  Upon  release, 
however,  Castro  was  able  to  regroup,  rearm,  and  set  sail  on  the  Granma  for 
Cuba  and  history.  Bayo  went  to  Cuba  following  Castro’s  success  and  set  to 
training  Cuban  marines  and  special  units,  some  of  whom  reportedly  took 
part  in  Cuba’s  export  of  revolution  elsewhere  in  Latin  America.20  In  1963, 
U.S.  congressional  testimony  indicated  that  Bayo  was  director  of  the  Boca 
Chica  School,  in  Tarara,  Havana  Province,  a  school  established  for  the  train¬ 
ing  of  subversives  sent  to  promote  revolution  abroad.21 

Bayo  appears  to  have  published  his  most  influential  work,  150  Questions 
for  a  Guerrilla,  in  Havana  in  1959,  from  where  it  was  disseminated  to  Latin 
American  armed  groups  in  other  countries  including  Brazil,  Guatemala, 
and  Venezuela.22  The  instructive  booklet  was  intended  mainly  as  a  primer 
for  recruited  rural  guerrillas  who  were  little  steeped  in  guerrilla  skills.  As 
noted  above,  Bayo  chose  to  heavily  emphasize  Cl  lessons  learned  among  the 
Riffs  in  the  Moroccan  civil  war.  That  1920s  conflict  was  noted  for  its  twists, 
turns,  and  deceptions,  which  in  Bayo’s  judgment  reflected  the  complexities 
of  conspiratorial  revolutionary  politics  he  found  in  the  1940s  and  1950s.  In 
focusing  on  Cl,  he  contributed  to  the  body  of  “insurgent  counterintelligence” 
thinking  in  which  readers  will  note  a  number  of  themes  echoed  by  others 
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in  their  own  context  and  circumstances.  The  following  topics  are  among 
the  pertinent  Cl  issues  he  addressed: 

a.  A  guerrilla  “Information  Section,”  headed  by  the  second-in-command 
of  the  group,  must  be  established  to  handle  intelligence  and  coun¬ 
terintelligence  functions  and  activities.  It  should  be  composed  of 
small  cells  to  mitigate  damage  and  larger  compromise.  In  addition 
to  gathering  “positive”  intelligence  of  all  types  [there  clearly  being 
at  least  as  much  overlap  with  Cl  for  guerrillas  as  there  is  for  govern¬ 
ments],  it  will  carefully  monitor  the  conduct  of  group  members, 
record  all  large  and  small  wartime  activities,  maintain  lists  of  outside 
sympathizers  and  blacklists  of  known  or  potential  informers,  and 
maintain  a  coding/decoding  center.  These  activities,  along  with  the 
investigation  of  traitors,  were  noted  by  Bayo  as  suitable  for  both  male 
and  female  guerrillas. 

b.  Intelligence  and  counterintelligence  work  must  be  accomplished 
by  all  guerrillas.  But  the  counterintelligence  agent,  per  se,  has  pride 
of  place  among  guerrillas  in  wartime,  giving  “better  results  than 
the  intelligence  agent.”  The  Cl  agent — for  which  task  women  are 
“unbeatable” — penetrates  enemy  organizations  and  areas  masquerad¬ 
ing  as  a  friend  and  sympathizer,  often  acting  as  a  seller  of  provisions 
and  other  merchandise  at  a  low  cost.  Relying  on  observation  alone 
and  not  asking  questions,  he  or  she  reports  troop  levels,  strength, 
movement,  equipment,  and  morale.  Training  of  such  agents  must 
be  well  done.  Reports  are  generated  in  code  by  a  third  party  or  by 
messenger  where  there  is  urgency.  In  the  event  of  a  guerrilla  attack, 
guerrilla  Cl  agents  should  pretend  to  fight  in  behalf  of  the  enemy,  but 
avoid  causing  any  damage  to  guerrilla  forces. 

c.  The  potential  for  having  a  guerrilla  Cl  operative  who  is  an  officer  in 
the  enemy  forces  is  prized.  Such  an  operative  can  be  more  valuable  to 
the  guerrillas  than  “ten  of  our  own  officers  fighting  face  to  face  with 
the  enemy.”  Not  only  will  he  be  able  to  provide  quality  information  but 
he  should  seek  combat  assignments  that  allow  him  to  create  vulner¬ 
abilities  that  guerrillas  can  exploit  (e.g.,  leading  government  forces  into 
ambush  and  arranging  for  undermanned  garrisons).  The  formation 
of  “private”  armed  groups — that  is,  militias — seemingly  friendly  to 
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the  state  but  actually  in  collaboration  with  the  guerrillas  is  another 
possibility  (actually  practiced  against  the  Cuban  Batista  regime). 

d.  Regarding  intelligence  and  counterintelligence  and  underscoring 
their  importance  to  the  guerrillas,  the  view  was  asserted  that  “more 
wars  are  won  through  cunning  and  shrewdness  than  by  pulling  the 
trigger...” 

e.  Recruits  for  the  movement  must  be  fully  vetted  to  include  filling  out 
applications  that  provided  information  on  their  families,  personal 
political  history,  and  references  within  the  revolutionary  movement 
itself.  If  determined  to  be  a  potential  informer,  “he  will  be  judged  by 
a  summary  court  martial  as  a  traitor  to  the  revolution.”  Recruiting 
and  the  acceptance  of  volunteers  were  considered  a  critical  potential 
vulnerability. 

f.  If  the  movement  is  infiltrated  by  a  “chivator”  (informer) — who  despite 
all  the  efforts  made  to  screen  recruits  successfully  penetrates  it — he 
will  be  judged  by  a  Council  of  War  and  sentenced  to  death.  Political 
enemies  outside  the  movement  might  be  pardoned  for  their  mistaken 
beliefs,  but  a  chivator  will  be  executed. 

g.  The  group  must  be  alert  to  enemy  forces  masquerading  as  supporters 
(e.g.,  government  pseudo-operations).  One  example  of  such  a  group 
was  a  column  that  shouted  “Viva  Fidel”  upon  encountering  the  insur¬ 
gents  and  then  surprised  them  by  pulling  out  weapons,  coercing  their 
surrender,  and  then  executing  all  of  the  captured  guerrillas  except  a 
seven-man  advance  guard  that  managed  to  escape. 

h.  Before  attacking  a  town  or  population  center,  a  list  of  traitors  and 
“persecutors”  and  their  addresses  should  be  compiled  by  the  guerrilla 
Information  Section  (Intelligence  and  Counterintelligence)  including 
their  addresses,  and  this  should  be  provided  to  the  guerrilla  Operations 
Section. 

i.  The  maximum  size  of  guerrilla  cells  should  be  three  people  to  avoid 
the  compromise  of  larger  numbers  if  a  member  is  turned  or  compro¬ 
mised.  Any  cell  of  8-10  guerrillas  whose  members  also  head  other 
groups  of  the  same  size  should  be  dissolved. 

j.  Careful  attention  should  be  directed  towards  how  executions  for 
“counterrevolutionary  acts”  or  crimes  are  carried  out.  As  large  a  crowd 
as  possible  should  witness  the  event,  and  a  guerrilla  leader  should 
address  them  with  an  explanation  of  what  the  prisoner  had  done  to 
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deserve  a  death  sentence  and  emphasize  how  the  moral  qualities  of  the 
guerrillas  are  superior.  The  execution  should  be  a  “public  spectacle” 
accompanied  by  the  promise  to  carry  out  swift  justice  against  any 
malefactor  in  the  future. 

k.  Arms  and  equipment  caches  should  receive  close  oversight  for  their 
physical  security  and  danger  of  compromise  by  individuals.  Caches 
should  be  buried  deep,  to  a  depth  sufficient  to  avoid  detection  by 
enemy  forces,  even  if  they  dig  in  the  area.  Rural  guerrillas  should 
locate  caches  at  a  distance  of  some  30-60  yards  from  a  farmhouse  or 
dwelling.  Close  uniformity  in  approach,  however,  should  be  avoided 
so  that  government  personnel  cannot  establish  patterns. 

l.  Despite  the  unflinching  punishment  of  traitors  and  informers,  mod¬ 
eration  should  be  used  with  the  “lackeys”  of  the  oppressor  “that  the 
people  want  to  kill.”  Rather,  such  individuals  should  be  allowed  a 
defense,  with  consideration  given  also  to  the  possibility  that  a  suspect 
may  be  a  “counterspy”  working  in  behalf  of  the  revolution  and  only 
appearing  to  work  with  the  state. 


Michael  Collins:  Coercion  and  Assassination 
as  Counterintelligence  Tools 

One  of  the  most  successful  practitioners  of  counterintelligence  in  behalf  of 
an  insurgency  was  Irishman  Michael  Collins.  While  he  died  young  (age  31) 
in  a  1922  roadside  ambush  in  County  Cork,  he  had  developed  an  approach 
to  dealing  with  hostile  intelligence  services  that  remains  an  extraordinary 
example  of  how  Cl  can  immeasurably  advance  an  armed  dissident  move¬ 
ment.  It  established  a  pattern  for  much  later  British-Republican  struggles 
of  the  1970s,  troubles,  and  continued  conflict  in  the  1980s  and  1990s,  par¬ 
ticularly  the  intelligence-counterintelligence  dimensions.  His  approaches 
and  ideas  have  been  studied  by  many  other  subsequent  armed  groups  and 
leaders  engaged  in  a  struggle  against  state  power,  and  his  extraordinary  suc¬ 
cess  in  targeting  adversary  intelligence  officers  still  serves  as  a  cautionary 
potential  among  some  intelligence  services  today.23  His  activities  and  those 
of  the  British — featuring  such  entities  as  “Brain  Center,”  the  “Inner  Circle,” 
“the  Squad,”  “the  Twelve  Apostles,”  and  the  “Cairo  Gang” — entered  Irish 
revolutionary  mythology.  They  were  all  quite  real,  however,  their  intent 
serious,  and  their  roles  in  the  push  for  Irish  independence  substantial. 
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When  Collins  was  born  in  1890,  Ireland  was  entirely  under  British  rule. 
Irish  nationalists  had  long  had  aspirations  to  change  this,  some  by  creating 
a  fully  independent  Irish  Republic  and  others  willing  to  accept  their  own 
Irish  Parliament  and  some  form  of  Home  Rule,  even  if  British  oversight  and 
linkages  remained.  Collins  immediately  identified  with  the  cause  of  Irish 
independence  and  joined  the  secret  Irish  Republican  Brotherhood  (IRB) 
while  still  a  teenager.  He  participated  in  the  failed  1916  Easter  Rebellion, 
served  time  in  a  British  internment  camp,  and  upon  release  enthusiasti¬ 
cally  joined  the  Sinn  Fein  political  party  and  the  armed  “Volunteers”  (later 
the  Irish  Republican  Army — IRA).  Membership  in  these  organizations  was 
fed  not  just  by  long-standing  independence  aspirations  but  also  anger  over 
British  reprisals  after  Easter  1916,  particularly  executions  of  Irish  uprising 
leaders.  Collins  rose  to  leadership  positions  in  all  three  organizations  and — 
most  pertinent  to  this  discussion — became  the  director  of  Organization  and 
director  of  Intelligence  for  the  Volunteers  in  March  1918. 


Michael  Collins’  offensive 
counterintelligence  program 
in  behalf  of  the  Irish  republi¬ 
can  cause  compiled  detailed 
information  on  British  security 
approaches,  analyzed  govern¬ 
ment  intelligence  efforts,  and 
targeted  British  intelligence 
personnel  for  execution  by  a 
dedicated  team  of  operatives. 

Public  domain  image  from 
Wikipedia. 


Collins’  intelligence  contributions  had  many  dimensions  during  his  lead¬ 
ership.  The  most  central  components,  however,  were  counterintelligence- 
oriented  and  included: 

a.  Unremitting  efforts  to  create  extensive  intelligence  networks 
penetrating  British  military,  police,  and  political  structures  and 
subsequently 

b.  An  offensive  Cl  approach  that  targeted  opposing  intelligence  estab¬ 
lishments  as  well  as  specific  members  of  the  British  and  allied  Irish 
military,  police,  and  intelligence  services. 
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At  first,  the  networks  Collins  established  provided  him  with  high  quality 
intelligence,  including  tip-offs  of  impending  operations  and  policies  that 
affected  Irish  independence  movement  activities.  By  early  1919,  however,  the 
start  of  the  “War  of  Irish  Independence”  brought  the  second  component 
into  full  play  as  well  and  came  to  define  how  an  “intelligence  war”  could 
confound  a  far  more  powerful  state  adversary.24  As  tensions  mounted — and 
with  the  Volunteers  rechristened  as  the  IRA — Collins’  initial  formulations 
took  further  shape.  His  principal  intelligence  adversaries  were  known  and 
tracked  as  they  developed  and  were  reinforced.  Essential  tasks  like  arms 
smuggling  techniques  were  perfected.  Collins’  intelligence  targets  came  to 
include  the  British-directed  police  force  (the  Royal  Irish  Constabulary  [RIC] 
and  its  intelligence  components),  the  RIC  Reserve  Force  and  RIC  Auxiliary 
Division  paramilitaries,  and  British  regular  military  forces  and  intelligence 
components.25 


IRA  targets  included  sev¬ 
eral  categories  of  Ulster 
"Special"  Constabulary 
such  as  these,  who  were 
recruited  by  the  British  to 
reinforce  the  Royal  Irish 
Constabulary  and  placed 
initially  under  their  control. 
Public  domain  image  from 
Wikipedia. 

Additionally,  the  Dublin  Metropolitan  Police  (DMP)  and  particularly  its 
“G  Division”  (staffed  by  plain  clothes  detectives  and  charged  with  political 
intelligence  among  other  tasks)  was  a  major  force  to  be  understood  and 
neutralized.  The  Irish  makeup  of  the  major  police  establishments  offered 
Collins  and  his  compatriots  numerous  opportunities  to  penetrate  these 
bodies,  which  they  exploited  to  great  success. 

A  seminal  event  took  place  in  early  April  1919  according  to  Collins  and  his 
contemporaries.  One  of  Collins’  most  important  inside  operatives — a  DMP 
“confidential  typist”  Ned  Broy — allowed  the  Volunteer/IRA  Intelligence  chief 
and  one  of  his  intelligence  staff  to  enter  the  headquarters  of  the  G  Division  at 
midnight  and  spend  hours  reading  confidential  reporting  and  classified  files 
by  candlelight.26  What  he  saw  of  the  systematized  approach  used  by  the  DMP 
to  track  suspected  IRA  and  Sinn  Fein  members — including  a  careful  reading 
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of  his  own  file — sharpened  and  hardened  his  views.  It  convinced  him  that 
British  efforts  to  defeat  Irish  independence  aims  could  be  seriously  or  fatally 
damaged  by  attacking  the  Intelligence  personnel  and  networks  upon  which 
British  efforts  depended.27  Central  assumptions,  tenets,  and  other  dimen¬ 
sions  of  his  approaches  used  in  the  1919-1921  intelligence  wars  included  the 
following  (with  some  specific  operations  addressed  later  in  the  paper): 

a.  Informers  and  spies  operating  in  behalf  of  the  state — including  those 
recruited  from  rival  groups — pose  the  greatest  threat  against  an  armed 
resistance  movement. 

b.  Friendly  (republican  militant)  intelligence  structures  must  be  better 
prepared  and  organized  than  those  of  opponents  and  protected 
by  organizing  into  cells,  each  with  limited  knowledge  of  the  other 
participants. 

c.  Friendly  spies  and  informers  with  good  access  must  be  placed  or 
recruited  among  all  communications,  transportation,  and  other  orga¬ 
nizational  (trade  union)  and  infrastructure  administrative  elements. 

d.  Enemy  intelligence  itself  must  be  studied  and  understood  in  every 
dimension,  the  better  to  protect  one’s  own  resources  and  to  exploit 
adversary  vulnerabilities. 

e.  As  a  central  guiding  precept,  it  was  stressed  that  while  casualties  among 
enemy  soldiers  could  be  replaced  with  relative  ease,  intelligence  opera¬ 
tives  and  spies  supporting  British  efforts  were  exceptionally  high  value 
resources  whose  loss  would  be  difficult  or  impossible  to  offset. 

f.  The  identification  of  key  enemy  intelligence  personnel  individually 
and  groupings  whose  loss  would  be  particularly  harmful  should  be 
a  priority  task  for  IRA  intelligence. 

g.  Once  identified,  enemy  intelligence  operatives  should  be  threatened 
and  coerced  into  stopping  or  compromising  their  activities. 

h.  If  the  threatened  police  operatives  do  not  comply,  they  should  be 
killed. 

i.  Police  and  paramilitaries  who  commit  crimes  against  IRA  person¬ 
nel  or  advocate  oppressive  policies  should  be  eliminated,  even  long 
after  the  fact. 

j.  A  highly  secretive  assassination  section  was  necessary  to  carefully 
study  layouts,  plans,  timing,  and  personal  attributes  of  the  targets 
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before  assassinations,  with  provisions  made  for  the  disposal  of  the 
weapons  used. 

k.  Individual  members  should  foster  visual  or  other  identification  with 
British  or  non-republican  perspective  to  ease  movement  and  allay 
suspicion. 

The  consequences  of  Michael  Collins’  intelligence  efforts  were  much 
as  he  had  postulated.  Anti-republican  Intelligence  networks — manned  by 
Irish  RIC,  DPD,  and  the  British  alike — were  severely  damaged  when  key  offi¬ 
cers  and  operatives  were  physically  eliminated  (including  the  1920  “Bloody 
Sunday”  mass  assassination  addressed  later).  His  efforts — by  creating  an 
atmosphere  of  coercion  and  fear — brought  about  numerous  resignations 
and  retirements,  recruiting  shortfalls,  defections,  the  frequent  “turning  of 
a  blind  eye”  on  critical  occasions,  and  overall  organizational  dysfunction. 
In  addition,  IRA  penetrations  of  British  intelligence,  security,  communi¬ 
cations,  and  even  political  bodies  often  allowed  it  to  stay  a  jump  ahead 
of  counterinsurgency  initiatives  that  constantly  threatened  them,  even  as 
republican  forces  suffered  serious  attrition.  Finally,  his  attacks  so  provoked 
and  frustrated  the  British  that  they  were  tempted  into  over-reaction  and 
excesses,  thereby  mobilizing  additional  support  for  the  republican  cause 
and  creating  additional  pressure  on  the  government  for  some  resolution  to 
the  Irish  problem.28 

Because  of  the  audacity  and  innovation  of  Collins’  often  dramatic  suc¬ 
cesses,  there  may  be  a  danger  of  overstating  their  impact.  Certainly  other 
factors  also  led  to  a  July  1921  truce  between  the  British  and  Republicans. 
Nevertheless,  the  intelligence  war  clearly  played  an  important  role  in  bring¬ 
ing  about  the  truce  and  the  subsequent  December  1921  Anglo-Irish  Treaty 
that  established  the  Irish  Free  State  and  a  separate  six-county  Northern 
Ireland  that  was  allowed  to  opt  out  of  the  agreement  and  remain  part  of 
the  United  Kingdom.  Collins’  role  in  supporting  the  agreement,  however, 
was  judged  by  his  more  uncompromising  colleagues  as  a  sell-out  since  it  did 
not  achieve  full  republican  goals.  His  assassination  by  fellow  republicans 
10  months  later  cut  short  whatever  directions  his  leadership,  political,  and 
underground  warfare  skills  may  have  taken  him.29 
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Carlos  Marighella:  Guerrilla  Counterintelligence 
in  an  Urban  Environment 

Brazilian  insurgent  practitioner  and  theorist  Carlos  Marighella,  an  admirer 
of  Fidel  Castro,  was  one  of  a  significant  handful  of  Latin  American  guer¬ 
rillas  who  committed  his  ideas  on  the  successful  conduct  of  an  insurgency 
to  paper.  Unlike  General  Bayo  whose  thoughts  ran  mainly  to  rural-based 
guerrilla  warfare,  he  believed  that  revolution  could  be  promoted  most  suc¬ 
cessfully  in  urban  areas.  After  a  long  history  of  vocal  dissent  and  politi¬ 
cal  protest,  Marighella  helped  form  the  Marxist  armed  group  “Action  for 
National  Liberation”  (ALN — Acao  Libertadora  Nacional)  in  the  late  1960s. 
He  was  an  active  participant  in  a  number  of  armed  money-raising  efforts — 
robberies  and  kidnappings — in  Brazil  until  killed  in  a  carefully  prepared 
Sao  Paulo  police  ambush  in  1969.  While  his  book  For  the  Liberation  of  Brazil 
gained  attention,  his  main  contribution  to  the  practice  of  guerrilla  warfare 
was  Minimanual  of  the  Urban  Guerrilla ,3°  Marighella’s  ideas  inspired  and 
guided  the  Communist  Tupamaros  insurgency  in  Uruguay,  in  the  early 
1970s,  and  was  used  by  other  groups  around  the  world.  During  the  1970s  at 
least,  the  tract  was  banned  in  parts  of  Latin  America.  Minimanual,  familiar 
to  most  students  of  insurgency,  was  not  a  long  or  exhaustive  work  by  any 
means,  but  it  did  distill  some  key  lessons  and  truths  that  informed  aspiring 
Latin  American  and  other  insurgents  and  made  its  way  into  government 
security  forces  training  curricula.  Among  the  topics  he  chose  to  cover  was 
counterintelligence,  the  importance  of  which  he  stressed  and  the  criticality 
of  which  had  been  demonstrated  to  him. 

Marighella  took  cognizance  of  the  resources  that  government  security 
organizations  would  bring  to  bear  on  armed  dissident  groups  in  an  urban 
environment.  The  environment  he  accurately  perceived  was  one  in  which 
“the  urban  guerrilla  lives  in  constant  danger  of  the  possibility  of  being 
discovered  or  denounced.”  The  continuing  danger  of  infiltration  by  police 
or  intelligence  spies  was  judged  to  be  the  greatest  single  threat,  the  need 
to  remain  alert,  “well  hidden  and  well-guarded”  was  essential.  Marighella 
outlined  concerns  associated  with  the  most  important  threats  he  envisioned 
and  recommended  measures  to  mitigate  them: 

a.  Ensure  that  recruiting  is  conducted  in  utmost  secrecy. 
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b.  Prohibit  individual  guerrillas  from  learning  the  identities  of  more  than 
a  few  compatriots  and  limit  knowledge  of  planning  and  structure — “a 
fundamental  A-B-C  of  urban  guerrilla  security.” 

c.  Avoid  carelessness,  indiscipline,  and  lack  of  vigilance. 

d.  Guard  against  the  possession  of  documents,  addresses,  marginal  notes 
on  any  papers,  telephone  books,  biographical  information,  maps,  and 
planning  materials  or  maps  of  any  type. 

e.  Commit  all  needed  information  to  memory. 

f.  Correct  comrades  who  violate  rules  once  and  shun  them  if  they 
commit  such  actions  again. 

g.  Move  constantly  and  carefully  to  avoid  police  identification  of 
location. 

h.  Receive  information  on  police  and  security  movement,  concentration, 
and  activity  daily. 

i.  Maintain  security  and  silence  following  arrest,  particularly  in  regard 
to  insurgent  identities  or  locations. 

j.  Overall,  “the  most  important  lesson  for  guerrilla  security”  in  view  of 
the  threat — never  allow  stipulated  security  procedures  to  be  violated 
or  to  be  implemented  sloppily. 


Brazilian  insurgent  Carlos 
Marighella  addressed  urban 
guerrilla  counterintelligence 
practices  in  his  Minimanual 
that  was  used  by  many  insur¬ 
gent  groups.  He  was  killed 
in  a  police  ambush  when 
betrayed  by  two  informants. 
Photo  from  www.terrorfi- 
leonline.org/es/index.php/ 
lmagen:Carlos_Marighella. 
jpeg#file,  used  by  permission 
of  http://creativecommons.org/ 
licenses/by/2.5/. 
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As  a  consequence,  he  emphasized  the  early  need  for  any  guerrilla  group 
to  build  a  competent,  structured  intelligence  service.  While  intelligence 
would  be  tasked  on  the  one  hand  with  acquiring  “positive”  intelligence  (e.g., 
state  planning,  strength,  location,  support/financial  systems,  communica¬ 
tions,  and  covert  actions),  guerrilla  resources  had  to  be  devoted  at  the  same 
time  to  prevent  government  forces  from  ferreting  out  information  on  their 
plans,  fostering  betrayal  by  group  members  and  outside  supporters,  and 
infiltrating  spies  and  informers  into  the  insurgent  structure.  This  focus, 
he  insisted,  should  be  in  the  form  of  a  “counterespionage  or  counterintelli¬ 
gence  service”  that  targeted  specific  enemy  plans  and  activities.  It  also  would 
incorporate  all  kinds  of  nontargeted  information  gathered  in  the  course  of 
daily  activities  to  include  what  was  observed  of  human  interaction,  attitudes, 
the  content  of  overheard  conversations,  and  the  particulars  of  infrastruc¬ 
ture  sites  that  were  observed.  The  careful  reading  and  exploitation  of  public 
information — newspapers,  magazines,  and  media  broadcasts — were  judged 
as  contributive  to  an  “urban  guerrilla’s  decisive  advantage,”  especially  when 
reporting  on  police  activities. 

This  effort  would  constitute,  to  paraphrase  a  much  later  U.S.  intelligence 
formulation,  not  only  an  approach  in  which  “every  guerrilla  was  a  sensor” 
but  every  sympathizer  and  supporter  that  could  be  tapped  as  well.  In  other 
words,  Marighella  proposed  to  harness  the  entire  force  of  guerrillas  and 
associates  to  providing  a  picture  of  enemy  threats.  He  believed  that  in  this 
way  hostile  security  force  actions  in  concentrated  urban  areas  could  be 
reduced  as  guerrilla  popular  support  grew.  He  judged  that  a  large,  motivated 
population  would  provide  more  and  more  information  on  the  activities  of 
police  agencies  and  contribute  to  misleading  them.  He  expanded  on  this 
point  by  offering  his  view  that  government  police  and  security  forces — 
which  would  be  closely  studied  by  a  reporting  population  sympathetic  to  the 
insurgency — could  not  know  who  among  the  people  was  actually  passing 
information  to  the  insurgents.  Information  gathering  by  all  concerned  would 
involve  “observation,  investigation,  reconnaissance,  and  exploration  of  the 
terrain.”  Further,  “revolutionary  precaution” — careful  observation  and  wari¬ 
ness  to  include  “eyes  and  ears  open,  senses  alert,  and  his  memory  engraved 
with  everything  necessary” — was  to  overlay  information  gathering. 

Marighella  recommended  a  Cl  tactic  against  treachery  that  called  for 
insurgent  spokesmen  “to  denounce  publicly  the  traitors,  spies,  informers, 
and  provocateurs.”  But  his  heart  and  confidence  lay  in  guerrilla  actions 
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that  were  far  from  such  “soft”  responses  and  countermeasures  and  more  in 
keeping  with  his  repeated  call  for  revolutionary  violence.  Identified  inform¬ 
ers,  spies,  and  traitors  had  to  be  “properly  punished.”  By  this  he  meant 
physically  eliminated — executed  by  a  single  or  very  few  guerrillas  “operat¬ 
ing  in  absolute  secrecy  and  in  cold  blood.”  He  judged  it  would  substantially 
minimize  enemy  infiltration  and  spying.  As  he  also  put  this  explicitly,  in 
the  several  times  he  addressed  it,  “the  spy  trapped  within  the  organization 
will  be  punished  with  death.  The  same  goes  for  those  who  desert  and  inform 
to  the  police.” 31 

Islamic  Insurgent  and  Terrorist  Groups: 

Pervasive  Counterintelligence  Guidance 

The  variety  of  diverse  armed  groups  and  militant  movements  identified  as 
“Islamic”  terrorist  organizations  and/or  insurgencies  have  incorporated  a 
spectrum  of  defensive  and  offensive  Cl  practices  in  their  daily  activities  and 
operations.  Those  groups  operating  under  the  A1  Qaeda  umbrella,  Afghan 
and  Chechen  groups,  Filipino  Abu  Sayyaf  and  Moro  Islamic  Liberation 
Front  (MILF)  organizations,  Indonesian  groups  like  Jemaah  Islamiah  (JI), 
and  others  groups  around  the  world  have  become  Cl  practitioners  to  one 
extent  or  another.  In  some  cases,  this  attention  to  Cl  issues  is  manifested  in 
formal  organizational  ways — for  example,  organized  intelligence  and  coun¬ 
terintelligence  sections,  chiefs,  and  staffs;  training  or  instructional  programs 
designed  to  create  at  least  security  awareness  among  the  general  member¬ 
ship  and  sometimes  more  carefully  honed  Cl  skills;  and  active  practice. 

Depending  on  the  group,  observations  and  lessons  are  recorded,  adjusted, 
studied,  and  in  basic  and  more  sophisticated  ways  incorporated  in  the  plan¬ 
ning  and  operations.  Many  of  these  groups  and  movements  use  histori¬ 
cal,  including  quite  ancient,  examples.  This  practice  is  undertaken  for  the 
authority  and  legitimacy  it  lends  to  the  lessons  leaders  are  trying  to  instill 
and  perhaps  for  real  operational  input  as  well.  As  with  other  groups  around 
the  world,  a  major  concern  has  been  treachery  in  the  form  of  betrayal  by 
members  of  the  group,  by  the  infiltration  of  police  or  intelligence  agents, 
or  by  outside  observers. 

Ancient  lessons  and  stratagems  form  a  basis  for  admonitions  to  group 
members  to  act  decisively  when  spies  and  informers  are  caught,  as  with  the 
following  8th  century  instruction: 
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As  far  as  people  who  have  been  convicted  of  spying,  if  they  are  for¬ 
eigners  from  a  hostile  country,  Jews,  Christians,  or  Persians  who  are 
Arab  subjects,  they  must  be  decapitated.  If  they  are  bad  Muslims, 
one  has  to  inflict  painful  punishment  on  them  and  put  them  into 
prison  for  a  long  term.32 

At  the  same  time,  the  most  modern  Cl  considerations  are  discussed  and 
evaluated,  sometimes  using  extensive  foreign  materials.  A  notable  recent 
example  is  Muhammad  Khalil  Al-Hakaymah’s  look  at  the  U.S.  Intelligence 
Community  in  The  Myth  of  Delusion?3 

The  author,  possibly  killed  in  Waziristan  by  an  airstrike  in  late  2008, 
was  a  long-time  Egyptian  Islamic  radical  and  more  recently  an  apparent 
A1  Qaeda  affiliate.  In  the  monograph,  Muhammad  Khalil  Al-Hakaymah 
undertook  to  survey  and  comment  upon  most  components  of  the  U.S.  intel¬ 
ligence  establishment.  While  not  entirely  accurate  in  fact  and  understanding 
and  more  descriptive  than  originally  analytical,  it  was  a  serious  effort  based 
on  competent,  if  not  comprehensive,  open  sources.  It  probably  serves  as  a 
useful  primer  for  jihadists,  and  especially  those  concerned  with  threats  to 
security  and  who  require  an  overview  of  U.S.  intelligence  potential.  Abu 
Bakr  Naji’s  Management  of  Savagery  offers  some  more  specific  concerns 
couched  in  more  original  thinking.34 

Abu  Bakr  Naji  pointed  to  general  operating  principles  as  well  as  to 
some  more  defined  current  and  future  planning  tenets.  He  provided  some 


Cover  of  the  jihadist  study 
of  the  U.S.  Intelligence 
Community  entitled  The 
Myth  of  Delusion,  which 
is  intended  to  provide 
Islamic  militants  with  an 
understanding  of  the  U.S. 
intelligence  threat.  The 
publication  appeared  origi¬ 
nally  on  the  now  defunct 
www.almaqreze.com  site. 
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defensive  and  offensive  considerations  including  how  A1  Qaeda  may  consider 
approaches  for  neutralizing  enemy  spies  and  informers  and  defeating  U.S. 
and  allied  efforts  to  infiltrate  spies  as  well  as  to  leverage  or  coerce  informers.35 
The  work  notes  how  the  “horrors”  of  th ejihadist  struggles  gradually  reveal 
collaborators  within  the  movement.  These  revelations  become  particularly 
more  evident  as  jihadist  ranks  expand  and  as  circumstances  bring  group 
members  into  close  contact  with  the  various  peoples  and  societies  where 
the  movement  operates.  Developing  close  relations  with  the  population 
has  to  be  a  priority  because  is  essential  for  protecting  the  movement  from 
infiltration.  As  the  author  put  it,  they  can  provide  “good  eyes  and  armor  for 
us  and  protect  us  from  spies”  in  ways  that  wovdd  be  difficult  or  impossible 
to  replicate  with  internal  resources.36 

Principles  for  discovering  spies  are  set  out  in  published  mujahid  “secu¬ 
rity  reports.”  When  a  spy  or  informer  is  identified  and  confirmed,  he  must 
be  punished  with  the  “utmost  coarseness  and  ugliness”  in  order  to  deter 
“weak  souls”  and  others  tempted  to  follow  a  similar  path  of  betrayal.  Even  if 
this  means  tracking  a  confirmed  spy  for  years,  should  he  happen  to  escape 
and  flee  initially,  he  still  should  be  found  and  punished.  An  opportunity 
for  confession  and  forgiveness  should  be  available  for  unidentified  inform¬ 
ers  who  want  to  admit  “mistakes”  in  dealing  with  the  enemy.  The  use  of 
rumors  suggesting  that  spies  have  been  caught  and  “turned”  are  employed 
to  create  uncertainty  among  adversaries.  In  language  that  replicates  that  of 
Michael  Collins’  often  articulated  concept  in  some  respects,  the  importance 
of  neutralizing  the  informant  or  spy  eyes  and  ears  of  the  police  and  secu¬ 
rity  forces  is  stressed.  This  point  applies  not  just  to  those  collaborators  that 
have  contrived  to  occupy  higher  positions  among  the  mujahid  but  even  the 
lowest  level  informers  who  are  really  those  who  enable  police  and  security 
forces  to  conduct  investigations  and  target  mujahid  facilities  and  individu¬ 
als  in  their  day-to-day  operations.  Media  attention  to  such  retribution  is  to 
be  welcomed.37 

The  dangers  to  the  movement  in  the  event  a  mujahid  is  captured  by  the 
enemy  are  manifest  and  obvious.  Management  of  Strategy  considers  some 
options  for  various  kinds  of  behavior  during  interrogation.  Each  has  its 
own  uncertainties  and  shortcomings  whatever  the  intent  of  the  captured 
mujahid.  The  author  reaches  a  conclusion  for  what  he  thinks  is  the  best 
solution:  “Rather  [than  try  to  outwit  the  interrogator],  a  mujahid  should 
not  submit  to  capture  in  the  first  place.  He  should  fight  until  death  and  not 
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be  captured;  he  should  turn  that  battle  into  a  slaughterhouse  for  the  forces 
who  are  conducting  searches.”37 

Among  the  offensive  Cl  approaches  addressed  is  a  jihadi  imperative  to 
infiltrate  institutions,  over  the  course  of  a  long  struggle,  and  the  theoretical 
framework  for  actions  that  not  only  A1  Qaeda  but  also  various  terrorist  (and 
criminal)  groups  have  undertaken.  Specifically,  Abu  Bakr  Naji  indicates: 

Our  battle  is  long  and  still  in  its  beginning ....  Its  length  provides  an 
opportunity  for  infiltrating  the  adversaries  and  their  fellow  travelers 
and  establishing  a  strong  security  apparatus  that  is  more  supportive 
of  the  security  of  the  movement  now,  and  later  the  state.  [We]  should 
infiltrate  the  police  forces,  the  armies,  the  different  political  parties, 
the  newspapers,  the  Islamic  groups,  the  petroleum  companies  (as  an 
employee  or  as  an  engineer),  private  security  companies,  sensitive 
civil  institutions,  etc.  That  actually  began  several  decades  ago,  but 
we  need  to  increase  it  in  light  of  recent  developments.38 

The  application  of  this  kind  of  instruction  has  been  evident  in  the  police, 
military,  and  security  forces  of  many  Islamic  states  as  well  as  in  those  devel¬ 
oping  indigenous  security  forces  in  Iraq  and  Afghanistan.  The  potential 
represented  by  the  CIA’s,  FBI’s  and  U.S.  Marine  Corps’  employment  of  indi¬ 
viduals  with  possible  Hezbollah  affiliations  recently  (addressed  below)  as 
well  as  among  private  security  firms  in  the  West  suggests  that  the  potential 
is  not  limited  to  countries  with  predominantly  Islamic  populations.  Recent 
assessments  of  A1  Qaeda  and  other  jihadist  recruitment  efforts  among 
Muslims  who  are  resident  in  Western  countries  or  converted  westerners — 
as  well  as  reports  from  at  least  2004  of  the  recruitment  and  deployment  of 
European  or  European-appearing  jihadists — suggests  a  close  association 
with  the  “infiltration”  advice  above.38 

A1  Qaeda  and  other  jihadist  documents  are  sprinkled  or  suffused  with 
advice  and  instructions  for  security  and  vigilance  to  protect  friendly 
resources  and  planning,  as  well  as  conducting  offensive  Cl  initiatives.  In 
addition  to  Management  of  Savagery  and  the  Myth  of  Delusion  addressed 
above,  the  now  well-known  lessons-learned  tract,  Military  Studies  in  the 
Jihad  Against  the  Tyrants  prepared  about  a  decade  earlier,  other  writings, 
jihadist  Internet  postings,  and  captured  documents  address  a  number  of 
precepts  associated  with  Cl  concerns. 
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A  variety  of  Cl  considerations,  as  well  as  more  specific  treatments  of 
topics  that  fall  directly  into  the  Cl  venue,  are  woven  through  instructions 
and  basic  tradecraft.  A  few  of  these,  principally  from  Military  Studies  but 
typical  of  issues  addressed  in  other  materials,  are  highlighted  below.  They 
are  intended  to  convey  a  sense  of  the  scope  of  Cl  functions  considered. 
Interested  readers  can  find  more  detailed  discussions  and  numerous  illustra¬ 
tive  historical  examples  in  this  basic  document,  together  with  other  closely 
related  materials  in  the  writings  and  speeches  of  prominent  jihadists:39 

a.  Keeping  Secrets  and  Concealing  Information.  With  references  to 
Quranic  quotes  (“Seek  Allah’s  help  in  doing  your  affairs  in  Secrecy”), 
note  is  made  of  the  importance  and  difficulties  of  protecting  informa¬ 
tion  and  use  of  codes  and  ciphers  among  other  topics.  This  practice 
limiting  the  individuals  who  know  operational  details,  even  one’s 
closest  colleagues  and  one’s  wife  (as  Mohammed  did  with  his  wife 
A’isha  in  his  undertakings). 

b.  Surveillance.  Both  friendly  and  enemy,  including  the  various  types 
and  means  used,  are  addressed.  Also  considered  are  a  host  of  tradecraft 
topics  associated  with  surveillance  in  different  circumstances — for 
example,  familiarization  with  the  area  and  target,  traffic  flows,  and 
location  of  police  stations  and  security  centers. 

c.  Recruiting,  Evaluating,  Training.  A  process  with  many  Cl  sensitivi¬ 
ties,  this  dimension  receives  the  same  emphasis  that  it  does  among  so 
many  other  insurgent  groups.  The  kinds  of  attributes  that  th ejihadist 
recruit  should  possess  include,  among  others,  intelligence  and  insight; 
caution  and  prudence;  ability  to  observe  and  analyze:  an  ability  to  act, 
change  positions,  and  conceal  oneself;  and  maturity  and  an  ability 
to  keep  secrets.  Also  addressed  are  ways  to  “test”  recruits  for  loyalty 
and  competence  and  the  specialized  process  of  recruiting  agents  who 
will  work  in  behalf  of  the  movement. 

d.  Financial  Security  Precautions.  Includes  issues  of  handling  and 
managing  operational  funds  including  the  need  for  secrecy  in  location 
and  avoiding  the  maintenance  of  all  money  in  one  location. 

e.  Protecting  Documents,  Forged  and  Real.  Deals  with  the  security 
of  documents  and  the  thorough  familiarity  with  them  in  the  event 
of  questioning  about  particulars,  as  well  as  tradecraft-like  strictures 
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on  traveling  to  a  country  that  purportedly  issued  the  false  passport 
one  is  using. 

f.  Care  with  Aliases.  Avoidance  of  having  more  than  one  identity  in 
the  general  area  of  operation  and  the  need  to  ensure  compatibility 
with  the  names  of  other  members  of  the  group. 

g.  Arrest  and  Interrogations.  Discusses  the  various  kinds  of  question¬ 
ing  and  physical  and  psychological  coercion  a  mujahid  might  be  sub¬ 
jected  to  and  ways  that  he  should  conduct  himself  to  include  making 
the  charge  that  torture  was  used  and  demanding  it  be  included  in  a 
formal  record  of  his  imprisonment  and  questioning. 

h.  Security  for  Facilities  from  Infidel  Surveillance  and  Actions. 
Addressing  the  careful  selection  of  safe  houses  and  other  facilities, 
primarily  in  urban  environments,  to  include  appropriateness,  entry, 
and  egress  routes  as  well  as  emergency  escape  routes,  concealed  areas 
within  for  the  secretion  of  documents,  or  other  sensitive  items. 

i.  Communications  Security.  Addressing  detailed  attention  to  the 
approaches  and  dangers  of  telephonic  contacts,  personal  meetings, 
information  delivered  by  messenger,  letters,  facsimile  machine,  wire¬ 
less  communications,  radio,  and  TV.  Myth  of  Delusion  also  discusses 
the  topic  in  some  detail  in  relation  to  intelligence  capabilities. 

The  early-mid  1990s  and  later  considerations  referred  to  above  continue 
to  be  supplemented  by  the  new  and  sometimes  innovative  technological 
developments  and  updated  warnings  of  enemy  capabilities,  dangers,  and 
countermeasures.40  New  techniques  of  computer  encryption  (including  the 
software  “Secrets  of  the  Mujahideen”)  and  other  developments  are  set  out 
in  instructional  materials  like  the  online  Technical  Mujahid  that  appeared 
for  the  first  time  in  late  2006.  The  latter  featured  pieces  on  clandestine  com¬ 
munications  (including  steganography  and  steganalysis),  Web  site  design, 
and  weapons  technology  among  other  topics.  At  least  one  subsequent  issue 
has  been  published.41 

A  general  concern  with  unwanted  associations  and  a  need  for  overall 
watchfulness  in  everyday  contact  is  emphasized  for  members.  For  example, 
in  late  2006,  a  number  of  news  organizations  and  specialized  Internet  infor¬ 
mation  sites  released  the  text  of  a  Taliban  “Layeha,”  a  term  usually  rendered 
in  English  as  “Rulebook”  or  “Book  of  Rules.” 
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In  Afghanistan,  Taliban  rules  of 
conduct  reflect  a  strong  coun¬ 
terintelligence  concern  amidst 
other  guidelines  for  members. 

Mohammed  Naim  Farouq,  former 
Guantanamo  detainee,  earned 
a  criminal  reputation  well  out  of 
accord  with  Taliban  standards 
of  conduct  but  is  nevertheless 
now  reckoned  to  be  a  Taliban 
leader.Travis  Heying/Wichita 
Eagle/MCT  photo,  used  by 
permission  of  Newscom. 


In  its  Pashtu  original,  it  was  15  pages  in  length  and  comprised  a  list  of 
30  “obligations”  approved  by  the  “Supreme  Leader  of  the  Islamic  Emirate 
of  Afghanistan”  for  those  that  had  embraced  jihad.42  The  document  was 
distributed  to  some  33  attendees  at  a  Shura  Council  meeting  during  the 
Ramadan  Muslim  religious  observance  (which  in  2006  was  5  September 
to  24  October). 

Some  of  the  items  dealt  with  Cl  measures,  comprising  brief  reminders  to 
those  that  the  need  for  security  was  continuing.  While  Mideast  specialists 
may  find  the  comparison  ill- chosen,  the  resemblance  of  Taliban  “rules”  to 
those  promulgated  among  Bandido  motorcycle  members  (and  the  Sicilian 
Mafia  as  well)  is  evident.43  They  are  a  reminder  of  the  common,  enduring 
considerations  that  influence  security-aware  organizations  perceiving  out¬ 
side  threats.  Among  several  security-related  examples  from  the  “layeha” 
are  the  following: 

a.  Each  mujahideen  who  is  in  contact  with  supporters  of  the  current 
regime  and  who  invites  them  to  join  the  true  Islam  has  to  inform 
his  commander. 
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b.  Those  who  accept  the  invitation  to  join  the  true  Islam  but  are  not 
loyal  and  become  traitors  will  lose  their  contract  with  us  and  not  be 
protected  by  us.  There  is  no  way  to  give  them  another  chance. 

c.  If  someone  who  is  working  with  the  infidels  wants  to  cooperate  with 
the  mujahideen,  nobody  is  allowed  to  kill  him.  If  somebody  kills  him, 
he  will  face  the  Islamic  sharia  court. 

d.  If  a  member  of  the  opposition,  or  the  government,  wants  to  surrender 
to  the  Taliban,  we  can  consider  their  conditions;  however,  the  final 
decision  has  to  be  made  by  the  military  council. 

e.  Working  for  the  current  puppet  regime  is  not  permitted,  either  in  a 
madrassa  [religious  school]  or  as  a  schoolteacher,  because  that  pro¬ 
vides  strength  to  the  infidel  system.  In  order  to  strengthen  the  new 
Islamic  regime,  Muslims  should  hire  a  religious  teacher  and  study  in 
a  mosque  or  another  suitable  place  and  the  textbooks  used  should  be 
from  the  mujahid  [anti-Soviet  war]  time  or  the  Taliban  time. 

f.  Those  who  are  working  in  the  current  puppet  regime  as  a  madrassa 
teacher  or  schoolteacher  should  be  warned.  If  he  does  not  stop,  he 
should  be  beaten.  But  if  a  teacher  is  teaching  against  the  true  Islam, 
he  should  be  killed  by  the  district  commander  or  a  group  leader. 

g.  The  nongovernment  organizations  that  came  in  the  country  under 
the  infidel’s  government  are  just  like  the  government.  They  came  here 
under  the  slogan  of  helping  the  people  but  in  fact  they  are  part  of  this 
regime.  That  is  why  their  every  activity  will  be  banned,  whether  it  is 
building  a  road,  bridge,  clinic,  school  or  madrassa,  or  anything  else. 
If  a  school  matches  these  conditions,  it  should  be  burned.  If  it  is  told 
to  close  but  does  not,  it  should  be  burned.  But  before  burning  it,  all 
religious  books  should  be  taken  out. 

h.  Before  someone  is  found  guilty  of  being  a  spy,  and  can  be  punished, 
no  commander  or  person  of  responsibility  is  allowed  to  interfere.  Only 
the  district  general  commander  is  allowed  to  do  so.  In  court,  evidence 
has  to  be  brought  forward  that  might  prove  the  accused  person  to  be 
a  spy.  The  persons  who  bring  forward  the  evidence  should  be  men¬ 
tally  well  and  have  a  good  religious  reputation.  They  must  not  have 
committed  a  big  crime.  The  accused  should  be  punished  only  after 
the  whole  case  is  closed  and  he  is  found  guilty. 

i.  Every  mujahid  group  is  committed  to  keep  watchful  guards  on  duty 
day  and  night. 
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Collectively,  the  issues  addressed  above  convey  a  concern  with  counter¬ 
intelligence  measures  that  runs  deep  in  jihadist  thinking.  The  precepts  and 
imperatives  do  not  differ  markedly  from  the  approaches  voiced  by  other 
insurgent  groups,  save  for  the  religious  context  that  underpins  the  do’s  and 
don’ts  of  protection,  personal  conduct,  and  offensive  action. 


Some  External  Influences 

The  variety  of  counterintelligence  approaches  associated  with  insurgent 
groups  is  certainly  home-grown  in  some  cases,  a  legacy  of  tribal,  ethno- 
national,  and  a  host  of  time-honored  regional  approaches  shaped  by  trial 
and  error.  Tribal  warfare,  simmering  and  intermittently  acute  ethnic  ten¬ 
sions  and  violence,  and  smuggling  and  other  criminal  endeavors  have  among 
other  factors  developed  and  honed  practices  and  contributed  to  more  applied 
Cl  approaches.  Many  insurgent  groups  have  benefited  also  from  having 
members  who  served  in  their  national  militaries.  They  brought  both  formal 
knowledge  of  basic  Cl  methods  and  techniques,  as  well  as  an  understanding 
of  the  government  intelligence  services  and  forces  they  were  engaging. 

But  there  have  been  many  external  influences  as  well.  Lessons  and 
instructional  materials  from  outside  insurgent  groups — some  allied,  others 
loosely  supportive,  and  some  having  no  discernible  relationship  beyond 
armed  violence — have  found  their  way  into  guerilla  “libraries.”  Even  before 
the  advent  of  the  Internet,  it  had  been  a  common  occurrence  to  find  such 
diverse  materials  in  caches  of  guerrilla 

documents  from  all  parts  of  the  world.  . . .  the  studied  reading  of  foreign 

For  many  groups,  the  studied  reading  reporting  and  documents  has 
of  foreign  reporting  and  documents  proven  a  source  for  information, 
has  proven  a  source  for  information,  ideas,  and  instruction. 
ideas,  and  instruction.  The  Myth  of 
Delusion  previously  mentioned  is  a  recent  case  in  point. 

It  is  clear  that  World  War  II  contributed  to  the  base  of  insurgent  intelli¬ 
gence  and  counterintelligence  skills  and  knowledge  in  at  least  some  regions. 
Certainly,  the  experience  in  fighting  the  Japanese  in  southern,  southeast, 
and  north  Asia  was  instrumental  in  providing  the  know-how  that  sup¬ 
ported  postwar  guerrilla  forces  as  they  sometimes  fought  their  way  to 
national  power  or  failed  after  long  struggles.  In  Eastern  Europe  and  Central 
Eurasia,  partisan  (guerrilla)  groups  engaged  in  some  of  the  largest  irregular 
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warfare  operations  in  history,  creating  a  base  of  intelligence  and  Cl  wisdom 
and  practices  that  informed  both  the  Axis  combatants  and  the  guerrillas 
themselves.  The  distinguished  historian  John  Keegan,  in  his  well-regarded 
work  Intelligence  in  War,  directly  linked  the  experience  of  the  U.S.  Office  of 
Strategic  Services  (OSS)  and  the  British  Special  Operations  Executive  (SOE) 
to  the  tradecraft  of  postwar  terrorist  armed  groups.  He  summed  up  this 
view,  for  which  there  is  some  evidence,  as  follows: 

Like  all  post-1945  terrorist  organizations,  it  [A1  Qaeda  terrorism] 
appears  to  have  learnt  a  great  deal  from  the  operations  of  Western 
states’  special  forces  during  the  Second  World  War,  such  as  SOE  and 
OSS,  which  developed  and  diffused  most  of  the  modern  techniques 
of  secret  warfare  among  the  resistance  groups  of  German- occupied 
Europe  during  1940-1944;  the  copious  literature  of  secret  warfare 
against  the  Nazis  provides  the  textbooks.44 

While  some  would  find  it  provocative,  Keegan  takes  specific  note  of  tech¬ 
niques  taught  to  the  OSS  and  SOE  for  behavior  by  captured  agents  during 
interrogation.  He  observed  that  these  techniques  often  failed  when  used 
against  the  tortures  typically  employed  by  the  Gestapo  against  real  and 
suspected  OSS  or  SOE  operatives — male,  female,  and  the  most  youthful 
resistance  fighters  alike.  However,  he  believes  that  these  same  techniques 
pioneered  six  decades  ago  work  very  well  today  against  Western  intelligence 
interrogation  efforts  that  are  constrained  by  laws  of  war,  other  interna¬ 
tional  and  domestic  legal  strictures,  and  U.S.  and  allied  policies.  Captured 
A1  Qaeda  militants,  for  example,  have  proved  far  more  resistant  to  inter¬ 
rogation  than  did  many  of  the  extraordinarily  brave  and  resourceful  SOE 
and  OSS  operatives.45 

The  extent  to  which  current  insurgent  and  terrorist  groups  would  agree 
is  unclear.  But  the  many  examples  of  OSS  and  SOE  guerrilla  operations 
recounted  in  recent  works  using  newly  declassified  material  suggest  that 
Keegan  may  have  a  point  (though  some  agents  resisted  everything  and  never 
revealed  the  identity,  locational,  and  operational  details  sought).  But  more 
broadly  than  this  were  the  other  elements  of  tradecraft  that  were  “diffused” 
following  the  war.  These  included  the  traditional  techniques  of  secrecy  and 
deception  on  the  human  intelligence  side.  In  addition,  it  encompassed  the 
technical  side  also,  as  with  the  famous  “radio  game” — or  German  desig- 
nated  funkspeil — involving  the  coerced  control  or  impersonation  of  captured 

32 - 


Turbiville:  Guerrilla  Counterintelligence 


agents  paradropped  and  otherwise  infiltrated  into  target  areas;  the  coun¬ 
termeasures  and  double-crosses  developed  and  employed;  and  the  accom¬ 
panying  advances  in  radio  direction  finding,  its  neutralization,  encryption, 
and  other  advances.46  While  technology  has  changed,  the  principles  and  the 
culture  of  deception  from  the  period,  to  whatever  extent  actually  transmit¬ 
ted  to  armed  groups,  is  evident  in  guerrilla  Cl  discourses  and  activities. 

Perhaps  the  greatest  outside  influences  on  guerrilla  Cl  approaches  and 
activities  are  those  dating  from  the  Cold  War.  These  are  still  pertinent  since 
they  became  institutionally  embedded  in  general  guerrilla  intelligence/CI 
tradecraft  and  activity,  even  as  events  and  local  conditions  have  modified 
them.  It  is  well  known  and  documented  that  Soviet  and  East  European  com¬ 
munist  intelligence  services  played  key  roles  in  training  guerrilla  cadres  of 
all  types,  including  those  engaged  in  insurgent  intelligence  and  Cl  work. 
These  complex,  multifaceted  support  efforts — carried  out  clandestinely  in 
insurgent  host  countries  and  in  the  USSR,  Eastern  Europe,  and  third  coun¬ 
try  camps  and  facilities  as  well — trained  several  generations  of  insurgents 
and  terrorists  in  pertinent  skills  including  those  of  intelligence  and  coun¬ 
terintelligence.  This  history  is  too  extensive  to  be  addressed  here  but  needs 
to  be  considered  as  a  backdrop  in  more  focused  assessments  of  current 
approaches.  One  example  is  worth  noting,  however,  since  it  contributed  so 
much  to  guerrilla  approaches  in  a  region  of  the  world. 

The  example  is  the  role  of  the  East  German  Ministry  for  State  Security 
(Ministerium  fur  Staatssicherheit — MfR),  more  commonly  known  as  the 
Stasi.  Stasi  training  and  support  efforts  covered  a  number  of  areas  of  the 
world.  Its  influence,  however,  was  particularly  strong  in  Cuba,  where  the 
Cuban  Ministry  of  the  Interior  (MINIT)  was  charged  with  a  broad  spectrum 
of  internal  and  external  security  functions  and  became  in  many  respects 
a  close  Stasi  analog.  The  nature  of  the  close  relationship  had  been  asserted 
and  partially  documented  for  years  in  Western  assessments.  The  training  of 
Cuban  intelligence  and  counterintelligence  officers  in  the  techniques  of  the 
East  German  “counterintelligence  state”  was  evident  in  many  ways. 

The  demise  of  the  German  Democratic  Republic  in  1991  and  conse¬ 
quent  access  to  Stasi  files  confirmed  and  expanded  the  understanding  of 
the  relationship. 

Regarding  guerrilla  Cl,  this  relationship  is  important  because  Cuban 
trainers  played  substantial  roles  in  passing  on  their  knowledge  to  Latin 
American  and  other  insurgent  groups.  Cuban  researcher  Jorge  Luis  Vazquez, 
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Soviet  and  Warsaw  Pact  intelligence  services  greatly  influ¬ 
enced  Marxist  and  other  insurgent  groups  around  the  world 
The  opening  of  Stasi  files  confirmed  the  close  relationship 
between  the  East  German  counterintelligence  organiza¬ 
tion  and  the  Cuban  Ministry  of  the  Interior,  which  adopted 
many  of  its  Cl  approaches  for  further  dissemination  to  Latin 
American  and  African  insurgencies.  AFP  photo,  used  with 
permission  by  Newscom. 


who  has  spent  years  examining  Stasi  files  dealing  with  Cuba,  judges  that 
“what  we  see  is  a  copy  of  the  Stasi  system  that  spread  across  the  developing 
world — from  Angola,  Ethiopia,  and  Mozambique  to  Nicaragua,  Guatemala, 
and  El  Salvador.” 47  Cuban  insurgent  trainers  and  cadres  trained  by  MINIT 
deployed  to  near  and  distant  African  conflict  areas  to  train  indigenous  guer¬ 
rillas  in  such  skills  as  “observation,  espionage,  and  interrogation  techniques” 
supplementing  what  the  German  Democratic  Republic  (GDR),  USSR,  and 
other  East  European  communist  states  did  more  directly.48 

In  addition  to  state  sponsorship  provided  during  the  Cold  War  by  the 
USSR  and  East  European  allies,  other  communist  states  (e.g.,  the  People’s 
Republic  of  China  and  North  Korea)  at  times  trained  guerrillas  and  sent 
material  support  to  them.  So  too  have  various  authoritarian  regimes  to 
include,  as  is  well  known,  Saddam-era  Iraq,  Libya,  and  others.  In  recent 
years,  guerrilla  groups  have  contracted  for  support  from  freelance  or  crimi¬ 
nal  organizations,  though  the  Cl  dimension  of  such  support  has  probably 
been  minimal. 
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Cultural  issues  and  their  impact  on  intelligence  are  usually  addressed  in 
terms  of  unthinking  government  or  foreign  security  force  activities  during 
insurgencies.  However,  they  may  in  many  cases  fundamentally  affect  the 
security  of  insurgents  as  well.  The  competent  treatment  of  tribal,  religious, 
and  ethnic  groups — whose  support  and  participation  in  an  insurgency  is  a 
point  of  consideration — has  sometimes  been  ignored  by  aspiring  insurgents 
or  terrorist  armed  groups.  The  much  publicized  disaffection  and  eventual 
intense  hostility  developing  among  some  Iraqi  insurgents  and  A1  Qaeda  in 
Iraq  is  only  a  recent  manifestation  of  the  problem  faced  by  some  insurgen¬ 
cies.49  While  once  making  common  cause  against  the  U.S.-led  multinational 
coalition,  the  later  operational  and  intelligence  difficulties  encountered  by 
foreign  fighters  have  been  manifest.  This  problem  is  recent  but  not  unique 
to  some  insurgencies. 

One  consequence  for  guerrilla  groups  who  were  not  properly  prepared  to 
deal  with  cultural  issues  has  been  to  undermine  the  creation  of  informant 
networks  and  to  leave  an  indifferent  or  hostile  population  base  that  mate¬ 
rially  harms  guerrilla  efforts.  This  appears  to  have  been  the  case  for  Che 
Guevara  in  Bolivia — perhaps  the  best  known  popular  illustration — where 
he  noted  in  his  diary  that  his  group  had  learned  Quechua,  but  that  the  local 
tribal  language  in  his  area  of  operations  was  Tupi- Guarani.  The  consequence 
of  this,  as  he  noted,  was  a  lack  of  rapport  between  the  guerrillas  and  the 
Indians,  great  difficulties  in  recruiting,  and  the  existence  of  a  population 
base  that  might  be  inclined  to  inform  authorities  about  his  activities.50  This 
situation  had  a  substantial  impact  on  Che’s  activities  and  could  plausibly 
be  judged  as  a  significant  factor  in  his  eventual  failure. 

In  Peru,  during  mid-1960s  operations  of  the  short-lived  National 
Liberation  Army  insurgency  (Ejercito  Liberation  Nacional — ELN),  language 
also  presented  a  serious  Cl  problem  for  the  guerrillas.  The  ELN  leader  Hector 
Bejar  acknowledged  in  his  “autocriticism,”  written  in  a  Peruvian  prison,  that 
a  serious  lack  of  rapport  existed  between  his  fighters  and  the  Indian  peas¬ 
ants.  He  identified  the  difficulties  his  guerrillas  had  in  places  like  Ayacucho 
(the  birthplace  of  Sendero  Luminoso  years  later),  where  large  numbers  of 
Quechua  speakers  resided  and  where  Spanish  speakers  like  his  men  were 
regarded  as  outsiders  and  “bosses.”  Further,  he  observed  that  it  was  far  from 
sufficient  to  have  just  a  few  words  of  Quechua.  Bejar ’s  look  back  at  the  fail¬ 
ure  of  his  insurgency  made  this  point,  which  had  deep  Cl  implications.  His 
judgment  was  that  “for  the  guerillas  to  gain  the  trust  of  the  peasantry  they 
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must  be  able  to  speak  Quechua,  and  not  just  any  Quechua,  but  the  dialect 
spoken  in  the  zone  where  they  are  operating . . 51 

Hand  in  hand  with  the  language  shortfalls  was  the  lack  of  apprecia¬ 
tion  for  Indian  customs.  Bejar  emphasized  that  simple  good  works  were 
not  enough,  even  though  they  might  be  appreciated.  Good  works  could  be 
negated,  and  were,  by  the  guerrillas’  failure  to  exercise  discipline  in  their 
conduct  around  the  Indian  populace.  They  did  not  steep  themselves  in 
Indian  habits  and  offended  them  with  seeming  arrogance  and  unknowing 
insults  to  their  feelings  and  sensitivities.  This,  like  language  deficiencies, 
created  Cl  dangers  for  the  guerrilla  force,  even  as  the  guerrillas  thought  they 
were  winning  their  appreciation  by  forming  various  services.  According  to 
Bejar’s  judgment: 

In  spite  of  the  goodwill  that  they  earned,  the  guerrillas  lacked  a  deep 
understanding  of  local  customs.  This  would  have  allowed  them  to 
distinguish  the  traitors  from  their  friends  with  greater  precision 
and  to  obtain  better  and  more  pertinent  information  concerning 
the  enemy’s  movements.52 

In  Guinea-Bissau,  the  1960s  and  early  1970s  insurgency  conducted 
under  the  African  Independence  Party  of  Guinea  and  Cape  Verde  (Partido 
Africano  da  Independence  da  Guine  e  Cabo  Verde — PAIGC)  encountered 
cultural  complexities  in  waging  their  fight  against  the  Portuguese.  One  of 
these  was  the  refusal  of  some  tribal  groups  to  deploy  guerrillas  to  areas 
beyond  their  home  territory,  a  concept  that  seemed  unreasonable  to  men 
who  wanted  to  protect  their  own  homes,  families,  and  fellow  tribesmen.  In 
addition,  the  increasing  bloodshed  of  the  insurgency  tended  to  be  inter¬ 
preted  in  terms  of  supernatural  reasons  and  led  some  villagers,  including 
guerrilla  fighters,  to  seek  supernatural  protection.  Faith  in  fetishes,  instead 
of  training,  cost  the  lives  of  many  guerrillas  who  believed  they  would  be 
protected  by  these  traditional  objects,  while  sorcerers  possessed  the  author¬ 
ity  to  determine  whether  they  would  fight  on  a  given  day  or  move  to  an  area 
designated  by  guerrilla  leaders. 

This  problem  was  serious  enough  that  it  engaged  the  PAIGC  leadership 
and  the  movement’s  political  mobilization  cadres  who  tried  to  influence 
popular  beliefs  with  alienating  populations  whose  support  was  needed  for 
intelligence,  security,  fighting  strength,  and  sustainment.  For  example,  rebel 
leader  Amilcar  Cabral  sought,  with  some  success,  to  imbue  traditional  spirits 
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like  the  forest  spirit  iran  with  “nationalist  sentiments”  that  would  permit  the 
establishment  of  guerrilla  camps  and  movement  routes  under  the  safe  cover 
of  the  forests.53  One  specialist  summarized  the  importance  of  this  seemingly 
exotic  problem,  and  an  intelligent  effort  to  achieve  balance,  this  way: 

The  repeated  attempts  to  overcome  these  cultural  constraints  are  an 
indication  of  the  influence  of  such  factors  upon  the  development  of  a 
people’s  war.  Much  of  his  [PAIGC  leader  Cabral’s]  effort  was  devoted 
to  understanding  cultural  influences  and  reducing  their  sway  over 
the  party  leaders  and  fighters.54 

The  surprising  and  relatively  complete  PAIGC  success  in  a  long,  bloody 
fight  for  independence  was  an  unusual  accomplishment  in  an  African  colo¬ 
nialist  struggle.  Soviet  and  Communist  “bloc”  support  of  the  guerrillas 
(from  the  USSR,  Cuba,  and  China)  undermined  its  legitimacy  as  a  “national¬ 
ist”  movement.  Nevertheless,  Cabral’s  balanced  efforts  in  managing  cultural 
differences  among  guerrilla  fighters  and  population  segments  were  based 
on  avoiding  heavy-handed  assaults  on  the  often  frustrating  tribal  cultures. 
At  the  same  time,  the  PAIGC  was  able  to  nudge  them  into  views  and  deci¬ 
sions  that  more  closely  supported  the  insurgents’  requirements.  Cabral’s 
killing  by  a  rival  no  doubt  contributed  to  a  troublesome  post-independence 
period  including  retaliation  against  those  who  had  fought  on  the  side  of 
the  Portuguese. 

The  general  precepts  and  principles  described  in  the  sections  thus  far 
have  been  translated  into  action  by  disparate  insurgent  groups  with  varying 
degrees  of  success.  Illustrations  of  this  success  are  what  follows. 


Counterintelligence  Approaches  and  Effectiveness 

Most  insurgent  groups  have  applied  variants  of  the  kinds  of  guidelines, 
principles,  and  concepts  previously  addressed.  Specific  examples  abound 
of  how  guerrilla  groups  have  emphasized,  modified,  or  ignored  particu¬ 
lar  elements  to  their  advantage  or  dismay  and  damage.  Other  groups  have 
developed  quite  new  approaches — at  least  in  emphasis — that  were  stun¬ 
ningly  successful  at  the  time.  Insurgent  counterintelligence  approaches 
have  varied,  of  course,  with  the  different  levels  of  organization;  resources; 
rural,  urban  and  even  international  operational  environments;  and  with 
the  threats  posed  by  state  security  forces  or  rival  groups.  Some  past  and 
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present  insurgent  organizations  have  organized  intelligence  and  counter¬ 
intelligence  efforts  that  approached  in  structure  and  differentiation  those 
of  the  states  they  opposed.  Others  have  operated  with  relatively  simple  and 
minimally  utilitarian  in  structure  and  initiatives.55  For  some  groups — and 
most  today — leveraging  technology  for  Cl  tradecraft  and  applications  has 
been  an  important  adjunct  to  their  efforts,  while  others  relied  on  the  sim¬ 
plest  approaches  that  nevertheless  were  sometimes  effective.  In  most  cases, 
however,  Cl  activities  from  the  basic  defensive  security  and  protection  of 
personnel  and  assets  to  some  form  of  offensive  Cl  counterespionage  initia¬ 
tives  have  been  evident.  Some  defensive  and  offensive  cases — drawn  from 
a  purposefully  eclectic  base  of  armed  groups  around  the  world  to  illustrate 
their  application  in  a  variety  of  circumstances — are  considered  next. 

Defensive  Cl  Practice 

A  major  effort  of  any  insurgent  forces  requires  a  focus  on  denying  enemy 
knowledge  of  its  leadership,  organization,  location,  support  structure,  and 
planning.  Devastating  failures  are  typically  more  notable  than  successes, 
and  those  guerrillas  who  survived  or  witnessed  them  have  contributed  to  the 
accumulated  guerrilla  counterintelligence  “wisdom”  noted  above.  CIA  officer 
Carlos  Revilla  Arango  in  his  useful  article  “Insurgent  Counterintelligence” 
identified  several  key  defensive  Cl  considerations.  These  included  the  rec¬ 
ognized  need  for  compartmentalization,  careful  security  in  recruiting, 
communications  security,  protecting  identities,  and  exercising  control  over 
cadres  as  well  as  among  the  principal  areas,  and  one  may  identify  others 
as  well.56 

U.S. /Filipino  Guerrillas — North  Luzon,  Philippines.  These  issues  of 
internal  security  surface  immediately,  even  for  those  occasions  when  life 
as  a  guerrilla  arrives  unexpectedly.  A  fine  example  is  the  experience  of  U.S. 
servicemen  in  the  Philippines  who  escaped  capture  by  the  Japanese  and 
dispersed  to  form  resistance  groups  who  fought  the  Japanese  for  some  three 
years.  U.S.  Army  Captain  R.  W.  Volckmann  (later  colonel)  had  been  an  advi¬ 
sor  to  a  Philippine  division  on  Luzon,  and  after  the  surrender  of  U.S.  forces  at 
Bataan  made  his  way  north  to  join  the  guerrillas  formed  by  U.S.  and  Filipino 
soldiers  and  recruits.  In  one  of  a  number  of  memoirs  and  historical  treat¬ 
ments  of  the  U.S.  Armed  Forces  in  the  Philippines,  North  Luzon  (USAFIP, 
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NL)  that  controlled  guerrilla  operations  there,  Colonel  Volckmann  described 
the  intelligence  and  counterintelligence  dimensions  of  the  fight  to  survive 
and  inflict  damage  on  occupying  Japanese  forces.  His  observation — “the 
duel  between  our  forces  and  the  Japs  in  the  field  of  espionage  and  counter¬ 
espionage  became  intense,  often  quite  complicated,  but  it  always  offered  an 
interesting  challenge” — was  a  clear  understatement.57 

The  issues  highlighted  by  Arango  (and  countless  guerrillas  who  sur¬ 
vived  to  write)  were  encountered,  dealt  with,  and  validated  in  the  American 
guerrilla  experience  in  the  Philippines.  They  included  the  following  central 
elements: 

a.  Establishing  agent  networks,  guarding  information  (particularly  the 
identification  of  guerrillas  and  acquisition  of  rosters  that  the  Japanese 
sought  assiduously),  protecting  message  and  other  communications 
means,  and  vetting  recruits 

b.  Allowing  for  the  consequence  of  some  out-of-the-blue,  unanticipated 
development  that  adversely  affected  operations 

c.  Identifying  and  dealing  with  spies  and  informers.58 

But  returning  to  foreign  insurgent  perceptions,  several  illustrative  cases 
involving  foreign  guerrillas  are  included  next. 

Tupamaros — Uruguay.  In  Uruguay  during  the  1960s  and  1970s,  the 
Movimiento  de  Liberacion  Nacional  (National  Liberation  Movement — MLN) 
guerrilla  movement  was  confronted  by  the  state  police  and  military  forces 
increasingly  intense  and  brutal  efforts  to  destroy  it.  The  Marxist  guerril¬ 
las,  better  known  as  the  “Tupamaros”  after  the  16th  century  Incan  warrior 
and  leader  Tupac  Amaru,  were  followers  of  the  doctrines  promulgated  by 
Brazilian  Carlos  Margehelli  and  were  a  relatively  disciplined  movement.  In 
accord  with  good  practices  of  compartmentalization,  the  Tupamaros  were 
organized  into  cells  of  two  to  six  members  who  did  not  know  each  other’s 
real  identities  (using  aliases  or  “war  names”  instead). 

Cell  leaders  reported  to  a  hierarchical  leadership  and  had  either  combat¬ 
ant/commando  or  support  responsibilities  of  various  types.  The  arrest  and 
successful  interrogation  of  a  single  member  or  leader  reduced  the  prospects 
of  the  entire  cell  or  even  several  being  rolled  up.  Intelligence  was  handled 
principally  by  cells  of  the  latter  “support”  type  but  all  components,  regard¬ 
less  of  orientation,  developed  their  own  sources  and  contacts.  As  Uruguayan 
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counterinsurgency  crackdowns  took  a  toll  in  attrition,  and  as  imperatives 
for  the  guerrillas  to  increase  their  base  also  grew,  recruiting  became  both 
more  important  and  more  dangerous.  To  avoid  compromise  by  introducing 
informants  into  the  structure,  recruiters  relied  on  personal  sponsorship  of 
recruits,  detailed  application  information,  and  background  checks  with 
friends,  neighbors,  and  others. 

This  was  accomplished  through  the  pertinent  cells,  but  also  used  sup¬ 
porters  outside  the  regular  structure  who  did  not  live  clandestinely  and  who 
typically  worked  only  part  time  for  the  guerrillas.  The  Tupamaro  recruiters 
sought  to  identify  what  might  be  called  the  presence  of  a  “guerrilla  tempera¬ 
ment”  to  a  greater  extent  than  many  other  groups,  assessing  psychological 
traits  as  well  as  competence  in  basic  skills  needed  by  insurgents.  Recruits 
were  provided  with  written  instructions  on  how  to  conduct  themselves  and 
cautions  on  the  need  for  discreteness.  Tupamaros  were  successful  for  a  while 
with  increasingly  violent  attacks  made  in  an  effort  to  prevail.  Despite  more 
intense  operations  and  sound  Cl  efforts, 
government  forces  eventually  prevailed 
as  a  consequence  of  shortfalls  in  guerrilla 
planning  and  strategy  and  a  police  and 
Army  program  of  mass  arrests,  brutal 
interrogation,  and  leadership  arrests  and 
killings.59 

Cuban  Guerrillas — Bolivia.  Ernesto 
“Che”  Guevara’s  failed  1966-1967  effort 
to  promote  and  lead  a  revolution  in 
Bolivia  presents  mainly  examples  of 
ineffective  and  sometimes  inexplicable 
Cl  practices. 

The  overall  events  of  the  Bolivian 
initiative  from  Che’s  arrival  between 
September  and  November  1966  to  his 
execution  in  La  Higuera  on  9  October 
1967  by  a  Bolivian  2nd  Ranger  Battalion 
sergeant,  are  too  well  known  to  require 
elaboration  here.60  However,  the  conse¬ 
quence  of  many  damaging  Cl  failures  are 
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worth  noting  specifically,  since  they  tend  to  be  so  woven  into  the  overall 
narrative  as  to  be  obscured  as  distinct  counterintelligence  shortfalls. 

Cuban  Revolutionary  General  Bayo,  who  died  an  old  man  the  same  year 
Che  was  executed,  must  have  lamented  whatever  he  heard  about  the  mount¬ 
ing  Cl  failures  associated  with  his  former  protege’s  Bolivian  adventure.61 
While  Guevara  had  a  justified  reputation  from  the  Cuban  Revolution  for 
harsh  “revolutionary  discipline”  at  any  suspicion  of  disloyalty — to  include 
ruthlessly  shooting  suspected  spies,  collaborators,  and  defectors — the  con¬ 
duct  of  his  50-60  fighters  in  Bolivia  were  characterized  throughout  by 
extreme  carelessness  and  a  failure  to  observe  the  most  basic  kind  of  pru¬ 
dence.62  The  general  indiscipline  among  those  fighters  who  accompanied 
him,  and  especially  among  the  relatively  few  Bolivian  recruits  that  joined 
him,  allowed  even  the  poorly  trained  Bolivian  Army  to  press  the  guerrillas 
and  build  a  picture  of  their  presence.63  But  some  of  the  failures  approached 
“strategic”  setbacks  and  included  the  actions  of  dubious  associates  who 
were  allowed  to  know  of  Che’s  location,  force  makeup,  and  planning.  They 
exercised  sloppy  tradecraft  and  on  occasion  suffered  from  clear  or  ambigu¬ 
ous  betrayal. 

A  case  in  point  was  the  popularly  known  “Tania  the  Guerrilla”  (birth 
name  of  Haydee  Tamara  Bunke  Bider),  an  Argentina-born  German  who  the 
Stasi  recruited  after  she  moved  to  the  GDR  with  her  communist  parents  in 
the  1950s.64  As  a  GDR  “interpreter”  for  foreign  visitors,  she  linked  up  with 
Che  during  a  i960  visit  to  East  Germany  and  subsequently  moved  to  Cuba 
working  under  MINIT  and  other  auspices  and  advancing  her  relationship 
with  Che  and  his  Latin  American  revolutionary  planning.  In  whose  behalf 
she  worked  remains  a  question  still. 

While  Che  undertook  activities  in  Africa  and  elsewhere,  Tania  departed 
for  La  Paz  in  1964  where  she  was  assigned  to: 

a.  Gather  intelligence  from  acquaintances  she  made  among  the  capital’s 
partying  social  set. 

b.  Develop  infrastructure  there  in  preparation  for  the  phased  arrival  of 
Che’s  cadres  beginning  in  early  1966. 

However,  when  she  undertook  to  meet  with  elements  of  Che’s  guerrillas  in 
the  field,  near  the  remote  Nancahuazu  (Nacaguazu)  camp  in  March  1967, 
she  committed  an  inexplicable  error  for  a  Stasi  and  Cuban  MINIT-trained 
operative.  She  left  her  vehicle,  a  rented  jeep,  unattended  in  a  rented  garage 
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at  Camiri.  It  was  discovered  by  the  Army  and  found  to  contain  documents 
describing  the  guerrillas,  her  contacts,  and  associates  in  La  Paz  and  other 
material  about  her  activities.  This  find  substantially  advanced  Bolivian  Amy 
knowledge  of  the  guerrillas  and  their  whereabouts,  resulting  also  in  arrests 
that  damaged  what  there  was  of  Che’s  urban  support  infrastructure  and 
requiring  Tania  to  remain  with  the  guerrillas  in  the  field. 


Tania's  inattention  to 
operations  security  in 
Bolivia  helped  compro¬ 
mise  Che's  presence  and 
her  own  activities  there 
in  behalf  of  the  guerrillas. 
She  was  killed  by  Bolivian 
security  forces  after  being 
betrayed  by  an  informer. 
AFP  photo,  Adalberto 
Roque,  used  with  per¬ 
mission  by  Newscom. 


Another  embarrassing  exposure  of  guerrilla  secrets — one  that  pro¬ 
vided  final  confirmation  of  Guevara’s  presence  in  Bolivia  at  the  head  of  the 
guerrillas — featured  the  Army’s  April  1967  capture  of  the  internationally 
known  French  “leftist  intellectual”  and  guerrilla  enthusiast  Regis  Debray, 
whose  sympathies  had  led  him  to  Havana  where  he  taught  philosophy  at 
the  university.  Also  arrested  with  Debray  in  the  little  Bolivian  settlement 
of  Muyupapmpa  was  Giro  Roberto  Bustos,  a  leftist  guerrilla  sympathizer 
sometimes  described  as  a  mediocre  Argentine  painter.  The  two  were  deliv¬ 
ered  to  a  meeting  with  Che  at  the  camp  via  the  redoubtable  Tania  a  few 
weeks  before  her  own  security  mishap  in  making  a  similar  linkup. 

After  spending  some  time  in  the  guerrilla  camp  and  learning  many  details 
about  operations,  both  visitors  decided  that  guerrilla  life  was  best  enjoyed 
vicariously  from  the  relative  comfort  of  Havana  or  another  urban  area.  Upon 
an  attempted  exfiltration,  however,  they  were  caught.  They  were  charged  with 
being  guerrillas,  and  under  extended  questioning  by  the  Bolivian  authori¬ 
ties  Debray  provided  information  about  Guevara  and  the  group,  while  artist 
Roberto  Bustos  obligingly  drew  pictures  of  the  guerrillas.  Their  claims 
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that  they  were  journalists  fell  apart  upon  the  recovery  of  documents  from 
Guevara’s  camps,  but  they  were  released  under  international  pressures.65 

The  guerrillas  suffered  a  major  blow  to  their  identities,  size,  and  structure 
in  early  August  1967,  again  with  the  help  of  deserters  who  led  the  Army  to 
caves  where  Che’s  group  had  cached  quantities  of  equipment,  medicine,  and 
clothing.  But  from  a  Cl  standpoint,  the  Army  also  found  detailed  documents 
describing  the  guerrilla  urban  infrastructure  that  allowed  its  further  roll-up. 
In  addition,  and  again  inexplicably,  they  found  many  photos  of  the  guerrilla 
participants — allowing  for  their  easy  identification — as  well  as  passports  and 
other  material  that  further  incriminated  Debray  and  Bustos,  who  could  no 
longer  claim  they  were  only  journalists. 

Finally,  to  wrap  up  a  last  example  of  fatal  and  needless  compromise,  a 
ten-person  guerrilla  detachment,  which  had  been  separated  earlier  from 
Che’s  main  group,  put  their  trust  in  a  peasant-grocer  from  whom  they  had 
been  buying  food.  That  the  man  had  been  the  cause  of  some  past  suspicion 
evidently  did  not  influence  a  guerrilla  inquiry.  The  insurgents  asked  about 
the  best  place  to  ford  the  Rio  Grande  stream.  The  grocer  willingly  obliged 
with  an  accurate  answer  while  also  notifying  the  Army.  The  group  accepted 
the  peasant’s  offer  to  lead  them  to  the  water  crossing.  When  all  were  in  the 
water  or  just  emerging,  the  waiting  company-size  Army  unit  killed  all  but 
one  who  was  captured.  Tania  was  among  those  who  died.66 

FARC — Colombia.  The  many  visible  blows  dealt  over  recent  months  to  the 
Revolutionary  Armed  Forces  of  Colombia  (FARC),  and  the  less  visible  but 
building  pressure  on  FARC  operations  for  the  last  several  years,  have  been 
accompanied  and  propelled  by  counterintelligence  shortfalls  and  failures. 
The  FARC  had  enjoyed  a  long  life  and  considerable  success  since  its  creation 
in  the  mid-1960s.  The  Marxist  insurgent  organization  had  a  heritage  of  vio¬ 
lent  revolutionary  antecedents  and  movements  that  prepared  it  well  in  both 
intelligence  and  counterintelligence  skills.  In  addition  to  a  long,  indigenous 
revolutionary  history,  the  FARC  had  been  the  beneficiary  of  Cuban  and 
Soviet  sponsorship;  funding  from  drug  trafficking;  additional  profits  from 
a  host  of  other  criminal  enterprises;  and  the  use  of  terrorist  training  and 
arms  trafficking  networks  that  brought  it  into  association  with  organizations 
as  diverse  as  the  IRA  and  Sri  Lankan  Liberation  Tigers. 

The  FARC  had  leveraged  technology  for  years,  albeit  imperfectly,  and 
had  been  among  the  early  users  of  propaganda  Web  sites,  e-mail,  portable 
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computers,  and  some  encryption.  They  had  recognized  accompanying  inter¬ 
cept  dangers  as  well  and  had  exercised  some  caution  in  electronic  trans¬ 
missions  and  communications.  The  chief  of  the  Colombian  General  Staff 
had  noted,  for  example,  that  USB  flash/thumb  drives  and  computer  disks 
have  been  disseminated  by  messenger  rather  than  transmitted  out  of  fear 
of  interception  (a  sound  enough  practice).  However,  the  intelligence  and 
counterintelligence  successes  that  were  more  manifest  in  earlier  years  began 
to  fray  visibly  in  the  21st  century. 

This  failure  has  been  a  consequence  of  enduring,  high-quality  U.S.  sup¬ 
port  of  the  Colombia  security  establishment;  the  perseverance,  effective 
response,  and  improved  intelligence  and  operational  capabilities  of  the 
Colombian  armed  forces,  police,  and  state;  the  criminalization  and  appar¬ 
ent  lack  of  focus  by  the  FARC  as  profits  loomed  larger  as  a  motivation  than 
ideology  or  old  political  goals;  and  perhaps  the  sloppiness  of  an  aging  and 
tired  organization  that  had  undergone  two  or  three  generational  changes 
among  some  members  and  leadership.  In  the  counterintelligence  area,  the 
deterioration  of  the  old  discipline  and  attention  began  to  be  fatal. 

The  loss  of  recently  deceased  FARC  leader  Manuel  Marulanda  to  a  heart 
attack  in  late  March  2008  brought 
an  abrupt  end  to  many  decades 
of  successful  evasion.  FARC  chief 
Marulanda’s  death  came  in  a  month 
where  Colombian  military  forces 
had  closely  pursued  and  periodically 
struck  guerrillas  in  a  continuing  effort 
to  eliminate  key  cadre. 

FARC  leader  Manuel  Marulanda 
Velez  (AKA  "Tirofijo"  or  "Sureshot") 
died  of  a  heart  attack  in  late  March 
2008  as  Colombian  security  forces 
applied  increasing  pressure  against 
guerrilla  forces.  His  loss  was  a  seri¬ 
ous  blow  to  the  FARC  and  added  to 
setbacks  from  Government  security 
force  actions  and  growing  FARC 
internal  security  compromises.  Photo 
used  by  permission  of  Newscom. 
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The  76-year-old  Marulanda  had  exercised  a  combination  of  cau¬ 
tion  and  experience-based  fieldcraft  that  neutralized  two  gen¬ 
erations  of  pursuers,  despite  numerous  reports  of  his  death, 
and  earned  recognition  as  “el  guerrillero  mas  viejo  del  mundo” 
— the  oldest  guerrilla  in  the  world.67  “He  [did]  not  sleep  more  than  two  or 
three  days  in  the  same  place,”  according  to  Colombian  Defense  Minister 
Juan  Manuel  Santos  in  regard  to  the  elusive  habits  of  the  FARC  chief,  who  in 
addition  to  his  Manuel  Marulanda  Velez  war  name  and  his  Pedro  Antonio 
Marin  birth  name,  was  nicknamed  Tirofijo  (or  Sure  Shot). 

While  he  was  a  hunted  man  since  he  served  with  aspiring  Colombian 
guerrilla  elements  in  the  1940s,  and  was  tracked  by  government  forces  with 
special  intensity  since  he  founded  the  FARC  in  1964,  the  76-year-old  Tirofijo 
lived  to  his  natural  end.  That  was  not  the  case  for  others.  His  senior  deputy 
Raul  Reyes  was  killed  in  early  March  2008  when  his  camp  was  located  and 
targeted  by  Colombian  aircraft  on  Ecuadorean  territory.  Later  that  month, 
FARC  Secretariat  member  Ivan  Rios  was  killed  (according  to  Colombian 
reporting)  by  his  own  security  chief  who  delivered  his  severed  hand  and 
FARC  laptop  computers  and  documents  to  Colombian  authorities  as  proof 
and  for  their  exploitation. 

Most  recently,  the  FARC’s  extraordinary  setback  with  the  2  July  2008 
rescue  of  15  FARC  hostages  seemed  to  mark  its  growing  intelligence  and 
leadership  disarray.  In  substantial  ways  this  was  a  multiple  counterintel¬ 
ligence  failure  for  the  FARC  just  as  it  was  a  success  for  Colombian  military 
intelligence.68  Codenamed  Operation  Jaque  (Check  [mate]),  the  hostage 
rescue  appeared  to  highlight  Colombian  intelligence/CI  innovation  and 
FARC  intelligence/CI  indiscipline.  The  Colombian  intelligence  penetration 
of  the  FARC  Secretariat  and  lower  levels,  exploitation  of  communications 
indiscretions,  computer  forensic  and  document  exploitation,  psychological 
manipulation,  and  the  final  deception  of  the  FARC  group  assigned  to  guard 
the  hostages  would  have  seemed  highly  improbable  a  few  years  ago.69 

On  the  FARC’s  part,  this  damaging  setback  was  not  due  to  a  single  lapse 
but  a  chain  of  information  losses  and  security  compromises  that  spanned 
several  intelligence  disciplines.  The  final  Colombian  military  deception 
that  saw  the  consolidated  hostage  group  loaded  on  a  helicopter  and  flown 
to  freedom  by  Colombian  security  personnel  impersonating  guerrillas, 
media,  humanitarian  workers,  and  hired  flight  crew  successfully  capped 
the  complex  operation.70  While  reports  that  some  impersonators  wore  Che 
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FARC  1st  Front  commander 
"Cesar"  was  duped  and 
captured  whien  FARC 
hostages  were  freed  in  the 
Colombian  July  intelligence 
and  special  operations 
triumph.  Cesar  had  been  a 
FARC  member  for  26  years 
and  a  front  commander 
for  10.  AFP  Photo,  Rodrigo 
Arangua,  used  by  permission 
of  Newscom. 

Guevara-emblazoned  t-shirts  were  a  nice  touch,  the  irony  of  Che’s  own  Cl 
failures  was  likely  lost  on  the  duped  FARC  members. 

While  the  operation  will  be  examined  closely  and  new  details  and  inter¬ 
pretations  emerge,  the  Cl  object  lesson  for  guerrilla  groups  seems  clear 
enough  and  are  echoed  in  the  calls  for  tight  discipline,  continuous  suspicion, 
protection  of  all  forms  of  communications,  review  of  personnel  qualities, 
and  other  imperatives  practiced  by  most  surviving  or  successful  groups. 
Cuban  mentor  Alberto  Bayo,  obsessed  with  counterintelligence,  would  no 
doubt  have  reiterated  some  of  the  specifics  he  taught  like  “the  group  must 
be  alert  to  enemy  forces  masquerading  as  supporters,”  and  that  in  some 
cases  at  least  “more  wars  are  won  through  cunning  and  shrewdness  than 
by  pulling  the  trigger . . 71 

Huks — Philippines.  Surveillance  of  meeting  places,  safe  houses,  camps, 
and  other  locations  makes  a  list  of  concerns  for  most  insurgent  groups.  For 
the  most  astute  and  experienced  groups,  the  requirement  to  maintain  a 
near  paranoid  suspicion  of  everything  in  one’s  environment  has  also  been 
acknowledged.  Failure  in  these  things  has  been  commonplace,  however, 
typically  caused  by  inattention,  overconfidence,  miscalculation,  or  just  bad 
luck.  The  Filipino  Fiukbalahap — usually  shortened  to  Ftuk — was  a  com¬ 
munist  guerrilla  movement  that  emerged  in  the  post-World  War  II  period 
suffered  often  from  a  lack  of  training  and  adherence  to  defensive  Cl  efforts 
in  the  face  of  tightening  counterinsurgency  pressures. 

Intelligence  gathering  enjoyed  some  success,  including  the  creation 
of  a  network  of  informers  and  even  the  penetration  of  Philippine  Police 
Constabulary  and  Army  forces.72  The  limited  numbers  of  radios  available 
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to  the  Huks  were  more  often  than  not  put  to  use  as  intelligence  collection 
tools  and  a  way  of  countering  government  counterinsurgency  moves  rather 
than  a  means  of  tactical  communications.  But  while  many  Huks  had  fought 
against  the  Japanese  as  guerrillas,  and  with  their  central  Luzon-centered 
force  approaching  13,000  members  by  1950,  little  systematized  internal  secu¬ 
rity  existed  of  the  type  undertaken  by  more  successful  groups.  An  example 
of  “overconfidence” — really  inadequate  preparation  and  carelessness — was 
described  by  one  participant.  Following  a  successful  Huk  operation,  it  was 
decided  to  dispatch  young  couriers  with  messages  and  operational  money 
into  an  area  further  south  in  Luzon.  They  judged  that  it  was  not  really  neces¬ 
sary  to  conduct  surveillance  given  recent  successes  and  the  past  security  of 
the  area.  Nevertheless,  the  meeting  spot  had  been  compromised  or  was  at 
least  guarded,  with  the  consequence  that  two  of  the  three  young  couriers  were 
captured  by  Police  Constabulary  personnel,  and  the  badly  needed  money  was 
lost.73  Government  counterinsurgency  efforts  had  essentially  destroyed  the 
Huks  by  the  mid-1950s,  although  groups  that  might  be  construed  as  succes¬ 
sors  (e.g.,  the  Communist  New  People’s  Army)  appeared  later. 

Action  for  National  Liberation — Brazil.  Carlos  Margehelli’s  1969  ambush 
and  death  at  the  hands  of  Brazilian  police — a  reminder  that  his  “avoid 
carelessness,  indiscipline,  and  lack  of  vigilance”  imperative  is  not  always 
enough — provides  one  example  that  underscores  the  dangers  of  treach¬ 
ery  among  insurgents.  Marighella  fell  victim  to  Brazilian  security’s  arrest 
and  coerced  cooperation  of  two  Brazilian  priests  that  he  trusted  and  who 
had  helped  him  on  previous  occasions.  When  the  priests  asked  for  a  meet¬ 
ing  with  him,  he  was  willing  to  follow  through,  but  also  took  precautions. 
The  meeting  was  to  take  place  in  a  parked  car.  Before  the  appointed  time, 
Maighella  donned  a  wig  for  disguise  and  went  with  one  man  for  security  to 
the  area  where  the  meeting  was  to  take  place.  The  security  man,  Marighella’s 
long-trusted  bodyguard,  studied  the  surrounding  area. 

The  activity  appeared  well  within  normal  bounds  (e.g.,  workers  unload¬ 
ing  supplies  at  a  construction  site,  others  engaged  in  building  activity,  and  a 
young  couple  embracing  in  a  parked  car).  Satisfied,  the  bodyguard  indicated 
to  Marighella  that  everything  was  clear,  and  the  guerrilla  chief  approached 
the  two  familiar  priests  who  were  waiting  in  a  parked  Volkswagen.  As  he 
entered  the  car,  however,  the  laborers  and  the  couple  in  car  dropped  their 
pretenses,  grabbed  their  weapons,  and  fired  many  rounds  in  the  direction 
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of  the  car  for  some  five  minutes.  Marighella  had  had  no  time  to  draw  his 
own  weapon,  and  he  was  shot  five  times  and  killed  at  the  scene.  Police  fire 
also  killed  a  policewoman  and  an  uninvolved  man  who  happened  to  drive 
by  at  the  time.  While  Marighella’s  caution  may  have  seemed  adequate,  its 
failures  reinforced  the  points  on  security,  informers,  and  the  constant  threat 
faced  by  guerrillas  in  the  field.74 

Mau  Mau — Kenya.  As  counterintelligence  organizations  and  approaches 
go,  the  Kikuyu-based  Mau  Mau  insurgency  ranks  among  the  more  rudi¬ 
mentary  efforts.  Nevertheless,  it  is  worth  noting  one  societal  dimension 
upon  which  the  loyalty  of  the  members  was  based  in  the  effort  to  oust  the 
British  colonial  government  and  win  independence.  Obvious  protections 
against  organizational  penetration  and  spying  were  provided  by  the  cir¬ 
cumstances  of  tribe,  family  relationships,  language,  and  race.  But  not  all 
Kikuyu  supported  the  Mau  Mau,  and  many  supported  the  British.  Internal 
rivalries  and  disaffection,  British  support  incentives,  and  especially  penalties 
ranging  from  internment  to  execution  constituted  dangers  that  put  con¬ 
stant  pressure  on  the  movement.75  British  innovations  in  Kikuyu-manned 
“pseudo-operations”  (of  the  type  warned  against  by  Alberto  Bayo)  enjoyed 
success  as  did  efforts  to  turn  Mau  Mau  groups  and  individuals  away  from 
the  movement.  General  Sir  Frank  Kitson  addressed  the  latter  dimension 
in  describing  three  factors  that  could  be  used  to  induce  a  man  to  shift  his 
loyalty  and  that  he  tried  to  apply: 

a.  A  “carrot”  in  the  form  of  a  positive  incentive  that  has  real  attraction 

b.  A  “stick”  in  the  form  of  a  disincentive,  which  makes  him  realize 
that  continuing  on  the  same  course  will  result  “in  something  very 
unpleasant  happening  to  him” 

c.  A  chance  to  demonstrate  to  his  family  and  friends  “that  there  is  noth¬ 
ing  fundamentally  dishonorable  about  his  action”  of  turning  against 
the  Mau  Mau,  and  that  he  retains  his  self-respect. 

Kitson  enjoyed  successes  in  applying  this  kind  of  approach,  and  it  added 
to  the  other  threats  directed  against  the  Mau  Mau  cohesion  and  activities 
While  strong  organizational  measures  were  lacking  for  Mau  Mau  internal 
security,  an  effort  to  win  and  enforce  loyalty  was  embodied  in  elaborate  and 
powerful  oath-taking  ceremonies,  rituals,  invocations  of  magic,  songs,  and 
bloody  threats.  Former  Mau  Mau  described  these  ceremonials  in  detail. 
While  exotic  and  curious  to  Westerners,  former  members  recounted  the 
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seriousness  of  their  impact,  and  among  their  many  elements  were  quite  typi¬ 
cal  counterintelligence  measures  common  to  most  insurgent  movements. 
Once  active  Mau  Mau  Karari  Njama  (interviewed  by  U.S.  anthropologist 
Donald  Barnett)  recounted  the  vow  he  took  in  a  gathering  for  the  purpose. 
After  preparations  involving  animal  parts,  bloodletting,  and  being  marked 
with  goat’s  blood  in  various  places,  the  oath  administrator  began  the  indoc¬ 
trinations  as  follows: 

May  this  blood  mark  the  faithful  and  brave  members  of  the  Gikuyu 
(Kikuyu]  and  Mumbi  Unity:  may  this  same  blood  warn  you  that  if 
you  betray  our  secrets  or  violate  the  oath,  our  members  will  come 
and  cut  you  into  pieces  at  the  joints  marked  by  the  blood/6 

Following  more  ritual  that  need  not  be  elaborated  here,  the  actual  oath 
was  taken  by  the  initiates  facing  Mount  Kenya  (preceded  by  a  curse  that  in 
part  declared  “let  this  oath  kill  he  who  lies!”)  The  oath  itself  presented  21 
rules  of  conduct  (not  unlike  that  of  the  Bandido  Motorcycle  Gang,  Taliban, 
and  many  other  groups)  that  stipulated  strict  guarding  of  secrets  on  penalty 
of  death,  cooperation  and  readiness  to  work,  generous  donations,  obedi¬ 
ence  to  leadership,  never  spying  or  informing  to  the  government,  and  other 
points.  Later,  a  second  oath  was  administered  with  requisite  curses  that  reit¬ 
erated  some  of  the  points  of  the  first,  but  with  more  specifics  on  obligations 
to  fight  and  reemphasis  on  the  death  that  awaited  anyone  who  betrayed  the 
movement  or  did  not  fulfill  his  obligations.  The  second  oath  allowed  full 
entry  into  the  Mau  Mau  movement.77 

The  oath  was  considered  as  a  serious  obligation  by  many  who  took  it 
and  it  influenced  their  actions.  Karari  Njama  gave  his  specific  views  on  the 
consequences  of  disobeying  the  oath.  As  he  judged: 

In  my  opinion,  though  the  oath  itself  may  have  no  reaction,  I  con¬ 
sider  that  I  have  repeatedly  vowed  under  God’s  name  and  that  if  I 
disobeyed  the  oath,  my  lies  would  anger  God  whose  wrath  might 
result  in  all  the  curses  I  have  made  . . .  and  most  likely  I  would  meet 
a  death  penalty  from  our  society/8 

British  efforts  to  undercut  the  magical  and  religious  imperatives  of  the 
rituals,  oaths,  and  ceremonies  included  the  use  of  “witch  doctors”  (as  they 
were  termed  at  the  time)  to  perform  ceremonies  that  made  the  abandonment 
of  the  movement  more  acceptable. 
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Offensive  Cl  Practice 

Offensive  counterintelligence  activities  by  guerrillas  and  other  armed  groups 
fall  most  closely  into  what  the  U.S.  joint  military  definition  terms  counteres¬ 
pionage — the  component  of  Cl  concerned  with  various  kinds  of  aggressive 
and  more  subtle  actions  aimed  at  detecting,  destroying,  neutralizing,  or 
otherwise  influencing  hostile  intelligence  activity  aimed  against  them.79 
While  guerrilla  groups  have  not  crafted  the  kinds  of  careful  definitions  and 
legal  strictures  found  in  the  U.S.  and  the  West,  the  offensive  Cl  concepts  and 
activities  developed  convey  the  same  general  spirit  and  goals. 

Tupamaros — Uruguay.  Many  insurgent  groups  have  used  direct  attacks 
and  coercion  against  opposing  intelligence  and  security  personnel.  The 
Tupamaros,  for  example,  had  a  concept  of  “direct”  and  “indirect”  approaches 
that  to  most  eyes  would  both  seem  rather  direct.  In  the  former,  a  primary 
insurgent  Cl  target  like  a  government  intelligence  officer  would  be  shot  or 
otherwise  killed.  In  an  indirect  approach,  someone  close  to  the  target  would 
be  eliminated — for  example,  a  bodyguard  or  assistant.  The  idea  of  the  latter 
was  to  coerce  the  target  into  abandoning,  or  at  least  reducing,  his  efforts 
against  the  group  while  at  the  same  time  alienating  him  from  colleagues 
and  friends  who  would  worry  about  their  own  safety  brought  about  by  any 
association.80 

Abu  Sayyaf — Southern  Philippines.  In  a  far  different  theater,  the  Moro- 
based  Abu  Sayyaf  Group  in  the  southern  Philippines  has  long  bribed  and 
coerced  local  police  officials.  The  Islamic  group  claims  a  heritage  from 
the  mujahedin  in  Afghanistan,  and  while  it  can  demonstrate  ruthlessness 
and  a  kind  of  rough  competence  on  occasion,  its  structure  is  poorly  devel¬ 
oped.  “Intelligence  chiefs”  have  been  identified,  but  focused  Cl  efforts  of 
the  type  associated  with  some  other  guerrilla  groups  are  not  much  in  evi¬ 
dence.  Nevertheless,  security  force  pressures  in  the  fall  of  2004  appeared 
to  have  generated  a  series  of  direct  actions  against  intelligence  personnel. 
These  involved  the  kidnapping  of  three  suspected  intelligence  personnel 
and  informants  and  execution  of  another.  Some  observers  thought  that 
this  pattern  could  constitute  a  trend  in  the  elimination  of  intelligence  and 
espionage  threats,  a  judgment  bolstered  by  the  fact  that  no  ransom  demands 
were  made  before  the  hostages  were  executed.81  Highlighting  the  lack  of 
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careful  intelligence,  however,  police  concluded  that  Abu  Sayyaf  militants 
had  missed  the  mark  abysmally.  Three  of  the  executed  men  turned  out  to  be 
salesmen  that  Abu  Sayyaf  had  apparently  mistaken  for  military  intelligence 
personnel,  and  the  fourth  man  assassinated  was  not  a  suspected  intelligence 
officer  as  supposed  but  the  provincial  director  of  the  Philippine  Coconut 
Authority.82  The  lack  of  competence  that  these  actions  represented  seems 
well  in  accord  with  Abu  Sayyaf’s  level  of  organizational  development. 

Chechen  Mujahideen — North  Caucasus.  Competence  in  identifying  and 
eliminating  enemy  intelligence  operatives,  spies,  and  informers — and  its 
status  as  an  essential  element  of  Chechen  resistance — has  been  a  hallmark 
of  Chechen  insurgents  since  the  early  days  of  organizational  activity.  A 
Chechen  guerrilla  “intelligence  service,”  together  with  specialized  coun¬ 
terintelligence  personnel,  developed  early  in  the  existence  of  the  Chechens 
claiming  independence  from  Moscow.  Guerrilla  Cl  entities  have  been  asso¬ 
ciated  with  the  senior  Chechen  Republic  of  Ickeria  (CRI)  leadership,  as  it 
has  developed  over  the  last  decade  and  a  half.  They  have  also  been  found 
among  some  of  the  various  larger  bands  and  groupings  as  well.  These  assets 
set  out  to  identify  Russian  intelligence  personnel  from  the  military  (Main 
Intelligence  Directorate — GRU)  and  security  services  (the  Federal  Security 
Service — FSB  and  Ministry  of  Internal  Affairs — MVD)  as  well  as  Chechen 
and  other  North  Caucasus  intelligence  entities  serving  Moscow’s  interests. 
Ferreting  out  spies  and  informers  has  been  a  central  task,  but  it  was  in 
the  elimination  of  intelligence  operatives  in  which  the  Chechen  Cl  effort 
excelled.  Rebel  forces  claimed  with  some  plausibility  that  Russian  security 
structures  had  been  penetrated. 

The  clandestine  head  of  a  Chechen  counterintelligence  “special  unit” 
claimed  that  the  mujahideen  had  reliable  agents  operating  in  virtually  all 
Russian  special  services  and  in  other  units  working  actively  against  them. 
These  included  “good  channels  of  intelligence  information  right  up  to  Putin’s 
closest  circle,  not  to  mention  secret  aides  and  officers  who  have  been  infil¬ 
trated  into  the  so-called  Chechen  police  and  puppet  ‘government.” 83  Such 
claims — and  this  was  one  of  many — were  buttressed  by  the  Russians  them¬ 
selves,  who  indicated,  for  example,  that  the  problem  of  leaks,  especially  with 
the  admission  of  ostensibly  loyal  Chechens  into  some  Russian  military  and 
security  forums  in  Chechnya,  was  a  “nightmare.”84 
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The  identification  and  execution  of  an  especially  effective  FSB  specialist 
was  reported  by  a  guerrilla  group  operating  in  the  village  of  Karabulak, 
Ingushetia.  The  target  was  a  female  agent,  a  native  of  Ingush,  who  had  been 
responsible  for  the  arrest  and  killing  of  15  Chechen  and  Ingushetian  muja¬ 
hideen  as  well  as  the  capture  of  others.  The  guerrilla  effort  then  turned  to 
tracking  and  eliminating  her  network  of  informers.85  In  2005,  agents  of  the 
CRI  (guerrilla)  counterintelligence  service  identified  and  killed  two  intel¬ 
ligence  operatives  who  were  alleged  to  be  Israeli  Mossad  agents.86  The  Israeli 
interest  in  the  region  was  alleged  to  have  been  sparked  by  the  interaction 
among  Chechen  and  Middle  Eastern  mujahideen  groups.  Whether  Mossad 
agents  or  not,  the  elimination  of  suspected  enemy  intelligence  operatives 
has  been  an  active  effort.  One  year  for  which  statistics  are  claimed  is  2005, 
where: 


. . .  the  Chechen  special  services . . .  exposed,  arrested,  or  shot  23  agents 
of  the  Russian  secret  services  among  Chechens.  Some  of  them  were 
re-recruited.  Throughout  this  period  of  time  6  agents  of  Russian 
nationality,  4  Daghestanis,  3  Ingush,  2  Uzbeks,  2  Kabardins,  2  Tatars, 

1  Karachai,  1  Ossetian,  1  Bashkirian  were  seized  or  eliminated.87 

U.S./Filipino  Guerrillas — North  Luzon,  Philippines.  The  critical  problem 
of  dealing  with  the  threat  of  informants  and  spies,  working  in  behalf  of  an 
enemy  determined  to  destroy  them,  generated  analogous  approaches  for  U.S. 
military  personnel  who  were  forced  to  operate  as  guerrillas.  Six  decades  ago 
the  U.S.  servicemen — who  with  Filipino  allies  formed  guerrilla  units  under 
the  aforementioned  USAFIP,  NL — encountered  an  informant  and  espionage 
danger  that  compelled  uncompromising  countermeasures. 

The  Japanese  used  a  more  or  less  uniform  system  of  creating  North 
Luzon  informer  networks.  As  described,  they  would  typically  buy  off  or 
otherwise  win  the  support  of  a  community  leader  or  village  mayor.  After 
consolidating  their  influence  over  such  individuals,  they  would  use  them 
to  hire  many  local  members  of  the  population  who,  with  the  promise  of 
additional  reward,  would  gather  any  information  on  guerrilla  sympathiz¬ 
ers  or  the  guerrillas  themselves.  Japanese  punishment  of  those  identified 
was  quick  and  typically  fatal.  As  a  consequence,  the  local  populace  became 
extremely  reluctant  to  engage  in  any  cooperative  efforts  with  U.S./Filipino 
irregular  warfare  groups,  making  some  areas  dangerous  or  untenable. 
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The  USAFIP,  NL  General  Headquarters  issued  orders  calling  for  the 
elimination  “of  all  persons  found  to  be  dangerous  to  the  resistance  move¬ 
ment”  by  members  of  the  five  district  guerrilla  groups  operating  under  the 
headquarters.88  The  effort  was  characterized  by  the  U.S.  commander  as  a 
“relentless  trackdown”  with  special  emphasis  put  on  executing  the  main 
informant  leaders.  The  operations  were  so  intensive  and  so  successful  that 
most  spies  and  informants  fled  their  areas  of  operation  and  sought  shel¬ 
ter  near  strong  Japanese  garrisons.  This  was  not  always  sufficient.  In  one 
instance,  a  group  of  Filipino  agents  working  for  the  Japanese  was  tracked 
by  North  Luzon  First  District  guerrillas  to  the  town  of  Cervantes  in  Ilocos 
Sur.  The  guerrilla  unit  attacked  the  Japanese  garrison  there  that  night,  in 
the  process  burning  the  building  where  all  of  the  informants  had  hidden. 
In  addition  to  physically  eliminating  Japanese  spies  among  the  populace, 
the  success  in  providing  a  safer  environment  for  villagers  brought  many  of 
them  to  the  side  of  the  guerrillas.89 

Popular  Revolutionary  Army — Mexico.  The  Mexican  Popular 
Revolutionary  Army  (Ejercito  Popular  Revolucionario — EPR)  appeared 
publicly  for  the  first  time  in  August  1996  in  Guerrero  state  and  while  not 
a  large  movement,  operates  in  many  states  today.  It  soon  demonstrated 
its  presence  in  at  least  rudimentary  forms  in  a  number  of  other  Mexican 
areas  though  numerous,  scattered  small-scale  attacks  and  bombings  against 
police,  military,  government,  and  civil  targets  and  media  events.  The  group 
and  its  political  arm,  the  Popular  Revolutionary  Democratic  Party  (Partido 
Democratico  Popular  Revolucionario — PDPR),  were  descended  from  other 
Mexican  insurgent  organizations  in  the  region  that  were  largely  destroyed  in 
the  1970s  by  mass  arrests,  interrogations,  torture,  and  killings.  They  under¬ 
stood  from  the  onset  that  Mexican  intelligence,  military,  and  police  forces 
would  be  arrayed  against  them  and  their  supporters. 

Just  how  well  they  seemed  to  understand  the  threat  environment,  and 
the  ways  the  PDPR-EPR  planned  to  use  a  combination  of  intelligence  col¬ 
lection  and  defensive  and  offensive  Cl  approaches,  was  evidently  a  surprise 
to  the  government  when  they  became  aware  of  the  details  in  2008.  It  was 
also  impressive  for  a  rural  guerilla  movement  that  was  certainly  not  in  the 
league  of  its  better  resourced  counterparts  in  other  areas  of  Latin  America 
and  the  world.  At  the  very  beginning,  in  the  middle  1990s,  the  PDPR-EPR 
established  an  intelligence  and  counterintelligence  component  (Servicio 
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de  Informacion  or  Information  Service)  that  was  heavily  concerned  with 
countering  the  plans  and  operations  of  the  Government’s  “main  hunters  of 
revolutionaries.”  These  were  the  military  intelligence  establishment  of  the 
Secretariat  of  National  Defense  and  the  roughly  equivalent  CIA  analog,  the 
National  Center  for  Investigation  and  Security  (Centro  de  Investigacion  y 
Seguridad  Nacional — CISEN).90 

The  EPR’s  Information  Service  was  charged  with  establishing  networks 
of  informers,  infiltrating  state  bodies,  intercepting  communications  (tele¬ 
phone,  mail,  and  penetrating  government  computer  systems).  Its  roles  and 
functions  were  set  out  in  a  100-plus  page  document  entitled  “The  Manual  for 
PDPR-EPR  Intelligence”  (Curso  de  inteligencia  PDPR-EPR),  circa  mid-1990s 
or  later.  The  publication  described  the  plan  to  establish  an  ambitious  and 
extensive  network  of  spy  and  informer  cells  including  the  capability  to  con¬ 
duct  special  operations  in  behalf  of  information  collection  efforts.  Included 
among  the  targets  of  infiltration  were  the  military,  police,  CISEN,  media, 
and  federal,  state,  and  local  agencies.  However,  the  information  network 
was  intended  to  extend  to  the  common  people  and  even  the  marginalized 
parts  of  the  population. 

Masked  members 
of  Mexico's  Popular 
Revolutionary  Army 
(EPR)  receive  a  wel¬ 
come  from  local 
residents  in  the  central 
plaza  of  Teconoaga, 
a  Guerrero  State  town 
located  about  55  miles 
southeast  of  Acapulco. 
AFP  photo,  Matias 
Recart,  used  by  per¬ 
mission  of  Newscom. 

The  primary  goal  was  to  know  ahead  of  time  the  counterinsurgency 
plans  and  policies  of  the  military,  police,  and  other  security  forces.91  The 
extent  to  which  this  Cl  plan  has  been  implemented  and  successful  is  far  from 
clear.  Nevertheless,  the  continued  existence  and  operation  of  the  EPR  and 
its  spinoffs  suggests  that  it  has  developed  mechanisms  for  identifying  spies 
and  informers  as  well  as  gaining  some  cognizance  of  the  intelligence  and 
counterinsurgency  initiatives  directed  against  them.92  Long-term  survival  of 
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an  insurgent  group  typically  indicates  a  strong  measure  of  Cl  discipline,  and 
the  EPR  had  defied  what  seemed  to  be  the  likelihood  of  an  early  demise. 

The  "Twelve  Apostles"  of  Irish  Republican  Brotherhood/Irish 
Republican  Army.  Few  armed  groups  have  translated  a  concept  for  offen¬ 
sive  counterintelligence  into  practice  as  well  as  Michael  Collins  and  the 
Irish  republican  militants.  His  rationale  was  reasoned,  clear,  and  intensely 
personal  about  his  targets: 

To  paralyze  the  British  machine  it  was  necessary  to  strike  at  individu¬ 
als.  Without  her  spies,  England  was  helpless.  It  was  only  by  means 
of  their  accumulated  and  accumulating  knowledge  that  the  British 
machine  could  operate.93 

An  accompanying  goal  was  to  so  outrage  and  frustrate  British  security 
officials  that  reprisals  would  be  out  of  proportion  and  would  alienate  even 
larger  segments  of  the  Irish  populace.  More  details  have  become  available 
about  the  intelligence  and  counterintelligence  organization  that  imple¬ 
mented  the  Collins  concepts  as  oral,  transcribed  interviews,  and  writings  by 
participants  have  been  released.  Michael  Collins’  intelligence  organization 
was  well  designed  and  manned  for  this  principal  purpose — to  collect  key 
information  through  its  networks  of  well-placed  typists,  clerks,  policemen, 
businessmen,  waiters,  desk  clerks,  transportation  workers,  and  others  who 
provided  the  most  sensitive  inside  information  from  the  British  security 
together  with  outside  observations  that  were  essential  too.  All  of  the  limited 
technical  means  available  at  the  time  were  used.  The  information  provided 
enabled  the  Volunteers  (IRA)  operational  arm  to  attack  and  eliminate  not 
just  intelligence  personnel  in  general  but  those  individuals  most  important 
to  the  British  intelligence-gathering  operations. 

To  accomplish  this  mission,  every  Volunteer  company  had  a  dedicated 
intelligence  officer  who  reported  to  a  brigade  intelligence  counterpart.  The 
latter  was  subordinate  to  the  man  who  ran  the  day-to-day  operations  at 
Volunteer  intelligence  headquarters,  this  under  the  oversight  of  Michael 
Collins.  The  subordinate  officers  recruited  agents  and  informers  who  fed 
information  to  HQ  used  in  targeting  key  intelligence  personnel.  At  intelli¬ 
gence  HQ — which  was  nicknamed  the  “Brain  Center”  and  where  key  staffers 
became  known  as  the  “Inner  Circle” — intelligence  officers  had  specific  areas 
or  businesses  to  know  about  and  assess,  and  fragmentary  information  was 
pieced  together  and  analyzed. 
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As  a  consequence,  while  their  Volunteer/IRA  intelligence  affiliations 
might  have  been  deeply  hidden,  members  might  be  quite  visible  in  the 
normal  workaday  world.  One  prominent  staffer,  often  involved  in  planning 
and  supporting  assassinations,  wore  a  red-  and  blue-ribboned  British  Army 
badge  in  his  lapel  bearing  the  inscription  “For  King  and  Country.”  The  fear 
eventually  inspired  by  Michael  Collins  allowed  him  to  travel  with  a  mea¬ 
sure  of  freedom.  Though  he  might  be  recognized,  even  some  police  officers 
who  knew  him  on  sight  were  reluctant  to  report  his  location.  There  was  an 
effective  “open  source”  component  in  which  newspapers  were  carefully  read 
for  any  information  on  RIC  and  British  personnel,  their  assignments  and 
positions,  transfers,  clubs,  social  activities,  and  photographs.  Pertinent  items 
were  clipped  and  incorporated  into  card  files  and  centralized  in  a  database 
at  intelligence  HQ.94 

Assassinations  were  carried  out  by  a  group  that  came  to  be  known  as 
the  “Squad”  and  also  nicknamed  the  “Twelve  Apostles”  in  a  touch  of  black 
humor.  The  group  functioned  as  a  subcomponent  of  the  Volunteer/IRA 
intelligence  staff  and  was  made  up  of  local  Dublin  men  who  had  worked 
regular  jobs  of  one  sort  or  another.  Some  core  members  were  required  to 
quit  their  regular  jobs  and  became  full-time  compensated  members  of  the 
team.  They  guarded  their  identities,  sympathies,  and  affiliations  carefully 
even  from  other  Volunteer/IRA  members.  Squad  members  themselves  were 
astonished  to  learn  eventually  that  there  were  actually  two  groups  of  execu¬ 
tion  operatives  within  the  organization.  Even  after  the  1921  treaty  establish¬ 
ing  the  Irish  Free  State,  some  Squad  members  did  not  speak  out  for  decades, 
and  if  then,  it  was  only  with  the  proviso  that  their  words  not  be  released 
until  they  had  died. 

Police  intelligence  and  a  few  others  who  were  identified  as  being  particu¬ 
lar  threats  were  warned  to  cease  their  activities  or  at  least  to  become  far  less 
diligent.  If  they  acquiesced,  they  were  spared,  but  if  not  cooperative  they  were 
selected  for  execution.  Target  areas  were  reconnoitered,  and  the  subjects  of 
the  executions  identified  by  one  or  more  people  who  recognized  them.  Squad 
members  typically  operated  in  from  one  to  several  pairs  of  assassins  for  each 
target  and  might  have  several  support  personnel  for  surveillance,  identifica¬ 
tion,  and  logistics.  After  an  intelligence  officer  identified  a  target  for  assas¬ 
sination,  shooters  followed  or  approached  him  at  an  opportune  place  and 
killed  him  with  handguns.  While  many  variants  were  in  practice,  one  shooter 
would  fire  in  an  effort  to  stop  and  disable  him,  and  the  other  would  shoot 
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him  in  the  head  to  ensure  he  was  killed.95  Sometimes  the  shooters  addressed 
the  targeted  police  intelligence  officer  or  official  and  sometimes  not. 

Targeted  Cl  executions  added  to  the  larger,  broad  casualties  from  sectar¬ 
ian  violence  directed  against  British  security  forces.  From  just  January  to  n 
December  1919,  some  169  policemen  were  killed  and  245  wounded  through¬ 
out  Ireland,  with  52  military  personnel  killed  and  108  wounded.  Though 
relatively  few  in  number,  the  highest  visibility  casualties  were  among  those 
political  intelligence  detectives  targeted  by  Collins’  Twelve  Apostles.96  Police 
retirements  grew  rapidly  in  number,  and  demoralization  was  evident  in  both 
the  DMP  and  RIC.  While  the  impact  on  the  G  Division  and  the  British  secu¬ 
rity  services  was  substantial,  the  most  dramatic  and  devastating  operation 
was  the  near-simultaneous  execution  of  more  than  a  dozen  British  secret 
intelligence  operatives  that  (with  reprisal  killings  by  RIC  Auxiliaries  at  a 
soccer  stadium  later  that  same  day)  came  to  be  called  “Bloody  Sunday.” 

The  deep-cover  British  intelligence  unit  known  as  the  “Cairo  Gang” 
(since  a  number  of  the  members  had  been  secretly  phased  into  Ireland  from 
intelligence  work  in  Egypt)  was  established  in  Dublin  in  1919  as  British 
frustrations  mounted.97 


The  Cairo  Gang  was  nearly  all  killed  by  Michael  Collins'  assas¬ 
sination  teams  and  selected  republican  volunteers  early  one 
Sunday  morning  in  Dublin.  Based  on  a  careful  Cl  analysis  to 
identify  undercover  members,  the  counterintelligence  operation 
was  designed  to  destroy  the  most  effective  of  British  intelligence 
operatives  who  had  been  closing  in  on  Collins  and  other  members 
of  the  leadership.  Public  domain  image  from  Wikipedia. 
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Their  purported  aim  was  to  reorganize  British  intelligence  efforts  in 
Dublin  and  to  track  down  and  kill  members  of  the  Inner  Circle  if  not 
Michael  Collins  himself.  Collins  and  the  intelligence  staff,  however,  became 
aware  of  their  presence  and  purpose.  Informers  reported  on  the  existence  of 
the  group  and  some  identities,  while  the  alarming,  but  temporary,  detain¬ 
ment  of  several  Inner  Circle  members  highlighted  a  growing  British  threat. 
As  a  consequence,  an  operation  to  eliminate  the  Cairo  Group  was  developed 
by  Collins  and  the  Inner  Circle. 

Studying  known  Cairo  Gang  members,  additional  names  were  added 
together  with  addresses  and  other  targeting  information.  The  overall  iden¬ 
tification  process  included  the  comparison  of  typefaces  on  typewriters, 
“intercepting  correspondence,  examining  contents  of  wastebaskets,  trac¬ 
ing  laundry  markings,  duplicating  hotel  room  keys,  and  similar  efforts.” 98 
To  carry  out  the  operation,  eight  execution  teams  were  formed  from  the 
Squad/Twelve  Apostles  as  well  as  other  Volunteer  members  selected  for 
the  purpose.  They  initiated  the  operation  in  the  early  morning  hours  of  21 
November  1920,  killing  eleven  of  the  targeted  British  officers  around  the  city 
and  several  others.  A  substantial  number  of  men  designated  for  assassina¬ 
tion  escaped,  but  the  core  of  the  Cairo  Gang  was  destroyed,  leaving  only 
one  member  of  the  leadership  alive.99 

British  authorities  were  initially  incredulous  at  the  scope,  coordination, 
and  success  of  the  operation,  and  members  of  the  security  establishment 
with  families  fled  for  safety  within  headquarters  at  Dublin  Castle.  But 
British  reaction  came  later  that  same  day  when  RIC,  auxiliaries,  and  some 
military  elements  raided  a  football  game  under  Gaelic  Athletic  Association 
auspices,  an  organization  known  for  republican  affiliations.  Accounts  of 
the  exact  course  of  events  vary,  but  British  forces  fired  into  the  crowd — 
killing  or  fatally  wounding  15  people.  This  effectively  accomplished  another 
of  Collins’  goals — provoking  an  overreaction — and  the  bloodshed  on  both 
sides  that  day  contributed  immeasurably  to  the  pressure  for  a  settlement 
as  described  earlier. 

Hezbollah — Lebanon.  Hezbollah’s  intelligence  and  counterintelligence 
establishment,  built  with  the  heavy  investment  and  other  direct  support  of 
Iran,  approaches  that  of  a  state  in  the  early  21st  century.100  The  fvdl  extent  of 
the  development  of  Hezbollah  capabilities  were  either  hidden  or  underap¬ 
preciated,  however,  as  they  took  shape  in  the  1990s  and  particularly  after 
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Israel’s  May  2000  withdrawal  from  southern  Lebanon.  The  2006  Israeli- 
Hezbollah  war  revealed  a  vastly  changed  Hezbollah  intelligence  establish¬ 
ment.  On  the  one  hand,  the  extensive  and  effective  efforts  to  harden  and 
bury  communication  lines  all  the  way  up  to  forward  positions  practically 
on  the  Lebanese-Israeli  border  itself  changed  the  nature  of  the  battlefield. 
Israeli  plans  to  close  down  or  severely  degrade  Hezbollah  command  nets 
with  sophisticated  electronic  warfare  systems  were  at  least  partially  neutral¬ 
ized  by  Hezbollah  improvements.  At  the  same  time,  improved  Hezbollah 
communications  and  other  signal  intercept  capabilities  allowed  Hezbollah 
to  eavesdrop  on  Israeli  tactical  communications  to  an  extent  unimagined 
prior  to  hostilities.  These  were  not  “counterintelligence”  developments  of 
course,  but  the  major  Hezbollah  Cl  achievement  was  protecting  these  intel¬ 
ligence  developments  from  the  usually  efficient  and  persistent  efforts  of  the 
Israelis  to  monitor  them.  The  level  of  communications  security  for  some 
years  was  clearly  the  result  of  tight  discipline. 

Observers  have  pointed  to  the  establishment  of  effective  Hezbollah 
HUMINT  networks.  An  early  indication  of  this  developing  network  was 
the  arrest  of  an  Israeli  Defense 
Force  lieutenant  colonel  in 
2002.  He  was  ethnically  a 
Bedouin  Arab,  and  his  indict¬ 
ment  with  four  others  high¬ 
lighted  the  existence  of  a 
10 -person  intelligence-gather¬ 
ing  ring  that  traded  informa¬ 
tion  “for  money,  hashish,  and 
heroin.”  Some  information 

Part  of  a  Hezbollah  HUMINT 
network,  an  Israeli  Defense 
Force  lieutenant  colonel — an 
ethnic  Bedouin — was  con¬ 
victed  of  providing  sensitive 
military  and  other  information  to 
Hezbollah  handlers  in  return  "for 
money,  hashish,  and  heroin." 

AFP  photo,  Tal  Cohen  used  by 
permission  of  Newscom. 
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passed  was  “positive  intelligence,”  and  some  was  more  typical  of  Cl  targets 
like  surveillance-device  locations.101  While  this  betrayal  was  understand¬ 
ably  presented  as  an  anomaly — in  part  to  avoid  offending  the  loyal  Arabs 
who  served  Israel  in  the  military — in  retrospect  far  more  was  underway 
in  the  Cl  dimension  than  supposed.  Had  the  war  not  taken  place,  Cl  and 
other  initiatives  probably  would  have  progressed  even  further,  a  possibility 
suggested  by  reports  of  Hezbollah  off-the-shelf  technology  acquisition  and 
the  employment  of  an  unmanned  aerial  vehicle  that  supposedly  flew  for  an 
hour  over  Israeli  airspace.102 

Israeli  reporting  indicates  that  Hezbollah  has  used  the  popular  social 
networking  system  “Facebook”  to  gather  information  on  Israeli  Defense 
Force  (IDF)  personnel.  IDF  members  have  been  cautioned  about  posting 
personal  and  potentially  compromising  information  online,  and  the  dan¬ 
gers  have  reportedly  been  incorporated  in  security  awareness  training.  An 
IDF  soldier  who  served  in  an  intelligence  unit  was  sentenced  in  the  late 
summer  of  2008  to  19  days  in  a  military  jail  for  posting  a  photo  of  his  base  on 
Facebook.  A  further  concern  has  been  the  possibility  of  terrorists  establish¬ 
ing  online  friendships  or  arranging  direct  meetings  with  military  personnel 
to  all  the  attendant  dangers  this  would  pose.  The  further  use  of  Facebook 
by  Hamas  terrorists  and  supporters  during  the  IDF  punitive  operation  in 
Gaza,  to  end  rocket  attacks,  reinforced  the  concern.  Facebook  was  used  for 
disinformation  purposes  as  well  as  for  fund-raising.103 

Just  a  few  months  before  the  2006  war  began,  Israel  suffered  a  loss  of 
resources  with  the  arrest  of  what  some  sources  claimed  to  be  “80  Lebanese 
Christian,  Sunni  Muslim,  and  Druze  agents”  in  Lebanon.  The  arrests  were 
reportedly  based  on  a  joint  Lebanese  Security  Service-Hezbollah  counter¬ 
intelligence  operation.104  Overall,  these  Hezbollah  advances  were  accom¬ 
plished  in  low-key,  incremental  fashion  over  several  years  in  ways  that 
did  not  attract  undue  attention — at  least  public  attention — and  apparently 
did  not  alter  Israel’s  fundamental  assumptions  about  relative  Israeli  and 
Hezbollah  military  and  intelligence  capabilities.  A  2007  U.S.  Army  assess¬ 
ment  of  the  war  as  a  whole  reached  conclusions  similar  to  those  reported 
elsewhere  in  Israeli  and  international  reporting  and  added  some  details  on 
the  arrest  of  Israeli-controlled  assets. 

Between  2000  and  2006,  Hezbollah  also  purportedly  mastered  the 
delicate  art  of  counter-signals  intelligence  (C-SIGNET),  a  capability  that 
would  pay  huge  dividends  in  future  wars  with  Israel.  In  the  HUMINT  arena, 
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Hezbollah  also  proved  highly  successful.  Working  with  Lebanese  intelligence 
officers,  Hezbollah  managed  to  “turn”  Israeli  agents  in  southern  Lebanon 
and  dismantle  a  sizable  Israeli  spy  ring.  “In  some  small  number  of  crucially 
important  cases,”  wrote  Crooke  and  Perry,  “Hezbollah  senior  intelligence 
officials  were  able  to  ‘feed  back’  false  information  on  their  militia’s  most 
important  emplacements  to  Israel  with  the  result  that  Israel  target  folders 
identified  key  emplacements  that  did  not,  in  fact,  exist.”  It  also  appears  likely 
that  Hezbollah  succeeded  in  placing  its  own  agents  in  northern  Israel.105 
Overall,  while  many  gaps  exist  in  what  is  known  of  Hezbollah  Cl  initiatives, 
the  growth  of  capabilities  and  the  existence  of  a  disciplined  framework  to 
promote  and  guide  new  developments  gets  little  dispute. 

The  offensive  Cl  potential  of  Hezbollah  infiltration  of  even  major  Western 
states — despite  indifference  to  earlier  calls  for  vigilance  from  some  intel¬ 
ligence  professionals — received  more  serious  attention  in  the  wake  of  the 
Nada  Nadim  Prouty  incident.  The  case  is  well  enough  known  to  require 
little  recapitulation  here.  In  brief,  Prouty  was  a  Lebanese-born  illegal  alien 
who  gained  U.S.  citizenship  through  a  bogus  marriage  (i.e.,  carried  out 
just  for  purposes  of  gaining  citizenship).  Possessing  Arabic  language  skills 
and  citizenship,  she  was  hired  as  an  agent  for  the  FBI  initially  in  2003  and 
subsequently  the  CIA,  working  at  the  latter  from  2003  to  2007  when  she 
resigned.106 

During  this  tenure,  Prouty  reportedly  gained  Top  Secret  compartmented 
clearances,  had  access  to  many  sensitive  cases,  traveled  abroad  and  was 
assigned  to  duties  in  the  Middle  East,  and  participated  in  the  interrogation 
of  A1  Qaeda  terrorist  suspects  in  Iraq.  She  also  improperly  accessed  FBI 
files  on  a  Hezbollah  case  involving  her  sister  and  brother  in  law  as  well  as 
searched  her  own  personnel  records  for  indications  of  FBI  interest.  These 
activities  and  her  relationship  to  Lebanese  nationals  of  dubious  affiliation 
eventually  aroused  FBI  suspicions  in  late  2005  and  ultimately  resulted  in 
charges  being  brought  against  her  for  fraud,  improper  official  computer 
access,  and  immigration  offenses. 

The  charges  against  Prouty  resulted  in  only  a  $750  fine  and  no  prison 
time.  Whatever  else  may  have  transpired  is  purely  speculative,  but  the  entire 
experience  underscored  the  potential,  at  least,  of  a  foreign  national  with 
terrorist-group  affiliations  penetrating  two  of  the  allegedly  most  security¬ 
conscious  Intelligence  Community  organizations  in  the  U.S.  Government, 
and  with  relative  ease.107  As  a  consequence,  the  terms  “counterintelligence 
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and  Hezbollah”  have  gained  a  much  closer  association  for  U.S.  security  per¬ 
sonnel  as  they  have  for  Israel  and  other  states  in  the  region  and  abroad. 


Conclusions 

The  guerrilla  movements  addressed  herein  often  differ  in  historical  back¬ 
ground,  goals,  ideology,  race,  religion,  resourcing,  and  sophistication. 
Nevertheless,  the  hostile  and  violent  environments  within  which  most 
groups  must  operate  means  that  the  insurgent — whatever  his  or  her  back¬ 
ground — “lives  in  a  world  of  security  arrangements  and  survives  by  observ¬ 
ing  them.”108  Government  intelligence  and  security  initiatives  “force  the 
insurgency  to  conduct  intensive  security  investigations,  reorganize  compo¬ 
nents,  relocate  assets,  revise  its  communications,  or  reeducate  its  member¬ 
ship”  among  other  measures  that  require  continuous  monitoring  if  disaster 
is  to  be  avoided.109 

Despite  the  disparate  nature  of  groups  and  areas  of  operation,  common 
problems  generate  quite  similar  counterintelligence  responses,  as  they  seem 
to  have  done  since  the  earliest  recording  of  history.  In  addition,  the  wide¬ 
spread  accessibility  of  information  on  techniques,  the  sometimes  common 
sponsors  and  trainers  from  the  past  and  present,  and  the  not  infrequent 
serious  study  by  guerrilla  groups  of  Cl  requirements  has  added  to  the  adop¬ 
tion  of  common  concepts. 

Guerrilla  counterintelligence  efforts  most  typically  have  both  defen¬ 
sive  and  offensive  components.  Neither  one  component  nor  the  other  is 
usually  judged  adequate  for  providing  the  operational  freedom  and  secu¬ 
rity  required  to  pursue  active  initiatives.  On  the  defensive  side,  sometimes 
elaborate  guidelines  dealing  with  general  conduct  as  well  as  with  specific 
operational  security  requirements  are  developed  and  incorporated  into 
recruiting  and  training  programs.  More  sophisticated  groups  use  back¬ 
ground  and  character  investigational  approaches  that  may  be  as  strenuous 
as  government  security  vetting  and  perhaps  more  so  given  the  consequences. 
Insurgent  and  terrorist  groups  actively  obscure  their  locations,  capabilities, 
planning  approaches,  and  intentions  from  active  and  potential  adversaries. 
The  practice  of  deception,  cover  story  fabrications,  forged  papers,  false  iden¬ 
tities,  and  the  many  other  tradecraft  practices  have  become  systematized  in 
some  groups  and  practiced  with  skill. 
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The  serious  and  sensitive  danger  of  infiltration  and  betrayal  hangs  over 
the  heads  of  most  guerrilla  organizations.  Frequent  loyalty  tests  and  vigi¬ 
lance  approaching  paranoia  are  real  survival  skills.  While  it  hardly  bears 
noting — given  the  richness  of  precedent  from  European,  Asian,  Latin 
American,  Middle  Eastern,  and  African  groups — identified  informants 
or  spies  are  almost  always  killed  as  a  matter  of  course.  Some  groups  have 
elevated  the  need  to  make  torture  and  the  extreme  violence  of  punishment 
for  treachery  so  severe  that  these  acts  serve  as  object  lessons  for  others  who 
might  contemplate  straying.  Security  guidelines  and  procedures  are  as  often 
as  not  written  documents.  They  serve  as  training  and  reference  sources 
for  the  guerrilla,  on  occasion  seeming  like  the  rules  of  normal  fraternal 
or  social  organizations  into  which  large  doses  of  violence,  deception,  and 
uncompromising  hatred  have  been  blended. 

Offensive  components  of  guerrilla  counterintelligence  are  in  their  most 
aggressive  forms  aimed  at  infiltrating  vulnerable  parts  of  government,  mili¬ 
tary,  and  police  intelligence  organizations;  buying,  blackmailing,  or  oth¬ 
erwise  coercing  members;  and  in  some  cases  targeting  specific  individuals 
or  any  member  for  execution.  Old  approaches  like  those  of  Michael  Collins 
from  eight  decades  ago  may  seem  like  ancient  history,  but  the  approaches 
used  by  Israeli  Mossad  against  selected  Islamic  terrorist  leaders  and  those 
used  by  terrorist  groups  themselves  are  striking  in  their  similarity  of  process 
and  technique.110  The  focused  study  and  assessment  of  government,  military, 
and  police  intelligence  is  highlighted  particularly  in  jihadist  writings,  but 
guerrilla  and  terrorist  groups — and  even  organizations  like  outlaw  motor¬ 
cycle  gangs  and  animal  rights  advocates — have  for  years  studied  and  tried 
to  anticipate  the  approaches  used  by  their  adversaries. 

Guerrilla  targeting  of  state  intelligence  and  security  forces  may  come  to 
be  a  larger  part  of  insurgent  practice.  Government  analytical  techniques, 
surveillance,  and  intercept  capabilities  and  technological  advances  gener¬ 
ally  has  made  insurgent  and  terrorist  group  safety  tenuous  and  operational 
freedom  more  and  more  constrained.  As  Michael  Collins  advocated  with 
some  success,  not  only  does  eliminating  an  enemy  intelligence  officer  by 
coercion  or  assassination  demoralize  the  security  forces  but  it  creates  a 
greater  reluctance  among  the  population  to  cooperate  with  state  authorities. 
From  this  perspective,  what  a  state  or  populace  may  justifiably  character¬ 
ize  as  a  terrorist  event  and  coldblooded  murder  may  in  its  more  complete 
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context  be  understood  from  the  guerrilla  insurgent’s  perspective  as  part  of 
a  “rational”  counterespionage  strategy.  There  is  value  in  recognizing  this 
context  and  any  trends  for  a  fuller  understanding  of  guerrilla  intentions 
and  Cl  planning. 

Many  specialists  and  numerous  government  studies  and  commissions 
have  sought  reforms  to  improve  government  intelligence  collection  and 
analysis  that  better  counter  insurgent  and  terrorist  threats.  Historian  John 
Keegan,  for  example,  reflected  on  what  he  believed  to  be  the  changed  nature 
of  intelligence  requirements  in  the  post-9/11  world  and  the  intelligence  chal¬ 
lenges  presented  by  networked  organizations  like  A1  Qaeda.  He  suggested 
some  approaches  to  intelligence  that  many  others  have  expressed  in  recent 
years.  With  an  appreciation  for  the  successes  enjoyed  during  the  British 
colonial  period,  he  harked  back  to  the  great  Rudyard  Kipling  espionage 
novel,  Kim.  He  saw  the  half-English/half-Indian  central  character  of  that 
name  as  the  ideal  intelligence  agent  for  today,  where  “brave  individuals, 
fluent  in  difficult  languages  and  able  to  pass  as  native  members  of  other 
cultures,  will  have  to  befriend  and  win  acceptance  by  their  own  societies’ 
enemies.”  For  Cl  purposes,  this  kind  of  person  is  clearly  not  the  native 
Western  graduate  of  a  military  language  school  or  the  most  intense  regional 
studies  training.  That  training  and  education  is  useful  and  often  essential 
for  many  military  purposes  and  interaction  with  native  populations.  But 
the  skills  would  better  serve  the  recruitment,  vetting,  and  productive  han¬ 
dling  of  agents  with  native  understandings,  who  themselves  would  have  a 
difficult  enough  time  surviving  in  any  of  the  insurgent  Cl  environments 
addressed  above.111 

Keegan’s  study  of  intelligence  in  war  over  some  200  years — and  what  he 
saw  in  the  threat  of  distributed,  networked  insurgent/terrorist  threats — led 
him  to  believe  that  a  return  to  the  methods  “which  have  come  to  appear 
outdated,  even  primitive,  in  the  age  of  satellite  surveillance  and  computer 
description”  would  be  productive  in  intelligence/counterintelligence  returns. 
He  saw  advantages  that  could  be  had  “only  by  recourse  to  the  oldest  of 
all  intelligence  methods,  direct  and  personal  counter-espionage.”112  These 
are  fine  ideas  in  many  ways  and  are  partially  reflected  in  the  current  U.S. 
military’s  intensified  emphasis  on  language  and  regional  studies  training, 
cultural  intelligence  initiatives,  red-teaming  approaches,  “human  terrain 
system”  development,  and  efforts  to  bolster  human  intelligence  capabili¬ 
ties.113  But  they  are  easier  to  advocate  than  to  implement  in  a  Cl  sense  and 
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do  not  take  full  note  of  the  expanded  and  expanding  perspectives  of  many 
insurgent  groups  and  individual  members  alert  to  the  potential  of  deception 
or  treachery  in  its  various  forms. 

The  acquisition  and  application  of  Cl-enhancing  technology  is  com¬ 
monplace  for  insurgent  groups  today  and  recognized  in  the  intelligence 
planning  of  most  governments.  Most  recently,  this  has  come  to  include  the 
exploitation  of  social  networking  sites  such  as  Facebook,  YouTube,  MySpace, 
and  Twitter  among  others.  They  have  proven  to  be  of  some  utility  to  insur¬ 
gents  and  terrorists  in  gaining  knowledge  of  government  security  and  other 
personnel — as  noted  earlier  in  regard  to  the  IDF — as  well  as  recruitment  and 
alternate  communications.114  While  reports  have  not  surfaced  publicly  on  the 
guerrilla  use  of  link  analysis  tools  or  more  advanced  software  to  better  eval¬ 
uate  opposing  intelligence  organizations,  no  serious  impediment  prevents  it. 
Information  management  tools  will  further  enhance  the  long-demonstrated 
capabilities  of  guerrillas  to  observe  and  understand  the  local  activities  of 
military  and  security  forces,  leverage  information  from  a  supportive  popu¬ 
lace,  even  place  spies  in  government  organizations.  Insurgent/terrorist  study 
of  adversary  intelligence  and  security  systems  continue  to  become  more 
systematic  and  developed  than  generally  recognized.  A  number  of  groups 
diligently  incorporate  observations  and  lessons  learned  into  recruiting  and 
training  programs;  and  some  benefit  from  direct  experience,  intimacy,  and 
immersion  in  the  cultures  of  enemies  that  in  early  times  may  have  seemed 
remote  and  unknowable,  let  alone  open  to  the  intimate  understanding  that 
globalization  of  information  sometimes  brings. 

Among  other  recent  manifestations  of  Cl-enhancing  technology  are 
results  from  U.S.  fingerprinting  programs  aimed  at  “insurgents,  detain¬ 
ees,  and  ordinary  people  in  Afghanistan,  Iraq,  and  the  Horn  of  Africa.”  It 
appears  that  many  hundreds  of  these  individuals  had  been  arrested  earlier 
in  the  United  States  for  various  criminal  acts,  minor  and  major.  Despite 
being  detained  in  Iraq,  Afghanistan,  or  elsewhere  as  a  consequence  of  U.S. 
residency,  these  people  clearly  had  a  far  deeper  understanding  of  the  United 
States  than  might  be  supposed.  Further  suggested  was  that  foreign  insurgent 
and  terrorist  support  structures  in  the  U.S.  and  probably  elsewhere  could  be 
quite  developed.  The  Cl  implications  of  this  are  readily  apparent.115 

All  of  this  raises  the  complexity  of  the  Cl  “shadow  battles,”  as  one  special¬ 
ist  termed  them.  Insurgents  and  terrorists — including  those  whose  responsi¬ 
bilities  are  in  counterintelligence  areas — may  know  and  understand  as  much 
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about  a  government  and  its  foreign  allies  as  governments  and  coalitions 
know  about  them.  Gaps  in  technology  for  intelligence  and  information 
handling  remain  vastly  superior  for  most  government,  but  in  some  cases — 
for  the  better  resourced  groups — have  the  prospect  of  narrowing,  given  the 
availability  of  hardware  and  software.  The  time-honored  frameworks  for 
insurgent  counterintelligence  incorporate  new  developments  quite  effec¬ 
tively  as  the  last  several  decades  have  shown. 

But  despite  a  legacy  of  several  thousand  years  of  “Cl  wisdom”  and  the 
addition  of  the  most  modern  innovations,  insurgents  are  subject  to  many 
lapses  in  the  face  of  unrelenting  pressure.  Not  infrequently,  these  can  be 
huge  mistakes  resulting  in  the  loss  of  major  leadership  figures,  areas  of 
operation,  key  information,  or  psychological  blows.  Weaknesses  in  insurgent 
Cl  systems  result  from  indiscipline  and  inattentiveness,  fluctuating  morale, 
internal  rivalries,  deterioration  of  goals,  motivation  (including  criminaliza¬ 
tion),  and  always  the  pure  happenstance  and  bad  luck  that  Alberto  Bayo 
cautioned  about  nearly  60  years  ago. 

Counterinsurgent  governments  and  allies  can  exploit  these  lapses  and 
create  them  if  prepared  and  persevering  as  history  has  demonstrated.  CIA 
officer  Arango,  in  his  look  at  both  insurgent  and  counterinsurgent  Cl 
problem  sketched  what  is  still  the  most  effective  basic  approach:  active  Cl 
officers,  armed  with  carefully  developed  data,  a  continuous  study  of  their 
guerrilla  adversaries,  knowledge  of  their  ideology  and  tradecraft,  a  care¬ 
fully  worked  out  Cl  program,  analytical  drudgery,  and  aggressive  actions 
to  promote  insurgent  dysfunction.  The  continuing  danger,  however,  lies  in 
insurgent  and  terrorist  Cl  initiatives  that  are  based  on  analogous  approaches, 
which  have  the  same  goals,  and  may  at  times  be  implemented  with  greater 
effectiveness,  f 
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Appendix 


Excerpt  from  Counterinsurgency,  Field  Manual  3-24/ 
Marine  Corps  Warfighting  Publication  3-33.5 

Section  IV.  Counterintelligence  and  Counterreconnaissance 

(pages  3-30,  Headquarters  Department  of  the  Army,  December  2006) 

3-155.  Counterintelligence  counters  or  neutralizes  intelligence  collec¬ 
tion  efforts  through  collection,  counterintelligence  investigations,  opera¬ 
tions,  analysis  and  production,  and  functional  and  technical  services. 
Counterintelligence  includes  all  actions  taken  to  detect,  identify,  exploit, 
and  neutralize  the  multidiscipline  intelligence  activities  of  friends,  competi¬ 
tors,  opponents,  adversaries,  and  enemies. 

3-156.  Insurgents  place  heavy  emphasis  on  gathering  intelligence.  They 
use  informants,  double  agents,  reconnaissance,  surveillance,  open-source 
media,  and  open-source  imagery.  Insurgents  can  potentially  use  any  person 
interacting  with  U.S.  or  multinational  personnel  as  an  informant.  These 
include  the  same  people  that  U.S.  forces  use  as  potential  HUMINT  sources. 
Operations  security  is  thus  very  important;  U.S.  personnel  must  carefully 
screen  the  contractors,  informants,  translators,  and  other  personnel  work¬ 
ing  with  them.  Failure  to  do  so  can  result  in  infiltration  of  U.S.  facilities  and 
deaths  of  U.S.  personnel  and  their  partners. 

3-1 57.  Background  screenings  should  include  collection  of  personal  and  bio¬ 
metric  data  and  a  search  through  available  reporting  databases  to  determine 
whether  the  person  is  an  insurgent.  (Biometrics  concerns  the  measurement 
and  analysis  of  unique  physical  or  behavioral  characteristics  [as  finger¬ 
print  or  voice  patterns].)  Identification  badges  may  be  useful  for  providing 
security  and  personnel  accountability  for  local  people  working  on  U.S.  and 
host-nation  (HN)  government  facilities.  Biometric  data  is  preferable,  when 
available,  because  identification  badges  may  be  forged  or  stolen  and  insur¬ 
gents  can  use  them  to  identify  people  working  with  the  HN  government. 

3-158.  Insurgents  have  their  own  reconnaissance  and  surveillance  networks. 
Because  they  usually  blend  well  with  the  populace,  insurgents  can  execute 
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reconnaissance  without  easily  being  identified.  They  also  have  an  early 
warning  system  composed  of  citizens  who  inform  them  of  counterinsurgent 
movements.  Identifying  the  techniques  and  weaknesses  of  enemy  recon¬ 
naissance  and  surveillance  enables  commanders  to  detect  signs  of  insurgent 
preparations  and  to  surprise  insurgents  by  neutralizing  their  early  warning 
systems. 

3-159.  Insurgents  may  also  have  a  SIGINT  capability  based  on  commer¬ 
cially  available  scanners  and  radios,  wiretaps,  or  captured  counterinsurgent 
equipment.  Counterinsurgents  should  not  use  commercial  radios  or  phones 
because  insurgents  can  collect  information  from  them.  If  Soldiers  and 
Marines  must  use  commercial  equipment  or  unencrypted  communica¬ 
tions,  they  should  employ  authorized  brevity  codes  to  reduce  insurgents’ 
ability  to  collect  on  them. 
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Endnotes 

1.  The  term  insurgent  or  guerrilla  group  as  used  here  includes  organizations  that  may 
variously  be  designated  as  “terrorist”  and/or  “insurgent.”  Whatever  distinctions 
some  may  make  in  the  two  categories,  most  foreign  states  struggling  with  armed 
groups  consider  them  terrorists  even  if  the  international  community  does  not. 
Colombia’s  Revolutionary  Armed  Forces,  for  example,  is  considered  by  both  the 
U.S.  and  Colombian  governments  as  an  insurgent  and  a  terrorist  organization. 
Mexico’s  People’s  Revolutionary  Army  (EPR)  guerrillas  are  not  U.S. -designated 
terrorists;  however,  the  government  of  Mexico  considers  them  to  be  “terrorists 
and  assassins.” 

2.  U.S.  and  western  definitions  of  “counterintelligence”  have  varied  in  detail, 
depending  upon  the  service  or  national  intelligence  entity  proffering  the  defini¬ 
tion.  For  example,  in  the  military  joint  community,  counterintelligence  (Cl)  is 
considered  to  be  “Information  gathered  and  activities  conducted  to  protect  against 
espionage,  other  intelligence  activities,  sabotage,  or  assassinations  conducted 
by  or  on  behalf  of  foreign  governments  or  elements  thereof,  foreign  organiza¬ 
tions,  or  foreign  persons,  or  international  terrorist  activities.”  See  Department 
of  Defense,  Dictionary  of  Military  and  Associated  Terms ,  Joint  Pub  1-02, 12  April 
2001,  updated  4  March  2008,  p.  129. 

3.  For  a  concise  description  of  U.S.  counterintelligence  in  counterinsurgency 
operations,  see  the  appendix  herein  for  the  pertinent  excerpt  (“Section  IV. 
Counterintelligence  and  Counterreconnaissance”  from  Headquarters  Department 
of  the  Army,  Counterinsurgency ,  Field  Manual  No.  3-24/Marine  Corps  Warfighting 
Publication  No.  3-33.5,  Washington,  DC,  December  2006,  pp.  3-30).  In  addition,  as 
addressed  in  Dictionary  of  Military  and  Associated  Terms,  “offensive”  counterin¬ 
telligence  is  for  the  U.S.  Joint  Military  Community  deemed  “counterespionage,” 
which  is  designated  as  that  aspect  “designed  to  detect,  destroy,  neutralize,  exploit, 
or  prevent  espionage  activities  through  identification,  penetration,  manipulation, 
deception,  and  repression  of  individuals,  groups,  or  organizations  conducting  or 
suspected  of  conducting  espionage  activities.” 

4.  Attributed  variously  to  16th  century  Italian  political  schemer  Nicolo  Machiavelli, 
17th  century  French  poet  and  fabulist  Jean  de  La  Fontaine  (“C’est  double  plaisir  de 
tromper  le  trompeur”),  and  perhaps  others,  the  thought  certainly  has  counterparts 
dating  back  to  earliest  human  organization. 

5.  The  excellent  work  compiled  and  annotated  by  Charles  E.  Lathrop,  The  Literary 
Spy  (New  Haven;  Yale  University  Press,  2004),  presents  a  wealth  of  quotes,  obser¬ 
vations,  and  insights  on  intelligence  (including  counterintelligence)  spanning 
several  thousand  years. 

6.  In  Sun  Tzu,  The  Art  of  War,  trans.  by  Lionel  Giles,  Forgotten  Books,  2007,  p.  50, 
the  attention  given  to  espionage  generally  and  counterintelligence  specifically  is 
too  lengthy  to  even  synopsize  here.  Modern  readers  will  be  much  taken  with  treat¬ 
ment  like  Sun  Szu’s  “five  types  of  spies”  (local,  inward,  converted,  doomed,  and 
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surviving)  and  the  “divine  manipulation”  that  could  create  a  near-impenetrable 
secret  system.  Available  at  www.forgottenbooks.org/  (accessed  November  2008). 

7.  Peter  Dubovsky,  Hezekiah  and  the  Assyrian  Spies:  Reconstruction  of  the  Neo- 
Assyrian  Intelligence  Services  and  its  Significance  for  2  Kings  18-19  (Rome:  Editrice 
Pontifico  Istituto  Biblico,  2006),  pp.  104-108.  The  2nd  Kings  of  the  Bible  addresses 
this  same  period. 

8.  The  tribal  kingdom  was  called  Chalda,  and  the  king  was  named  Merodach- 
Baladan.  The  spy  was  targeted  against  the  city  of  Larak,  believed  to  have  located 
on  the  west  bank  of  the  Tigris  River — east  of  the  ancient  Sumerian  capital  of  Risk, 
between  the  Tigris  and  the  Euphrates.  The  captured  spy  told  his  captors  the  loca¬ 
tion  of  Merodach-Baladan  himself,  the  king  who  had  sent  him  on  his  mission. 

9.  This  “Information  Hub”  network  diagram  is  found  in  Dubovsky,  Hezekiah  and 
the  Assyrian  Spies,  Appendix  2,  p.  267. 

10.  Earth  Liberation  Front,  et  ah,  Security  Culture:  A  Handbook  for  Activists,  early 
2000s.  The  pamphlet  was  intended  principally  for  Canadian  activists,  but  was 
billed  as  useful  for  U.S.  militants  as  well.  Among  the  Internet  editions  was  the 
3rd  edition,  November  2001,  at  http://security.resist.ca/personal/securebooklet. 
pdf  (accessed  November  2008). 

11.  Ibid.,  p.  5. 

12.  See  Anonymous,  “The  Animal  Liberation  Primer,”  Animal  Liberation  Front, 
circa  late  1980s  or  early  1990s,  available  at  www.animalliberationpressoffice.org/ 
Fact%2oSheets/alprimer.pdf;  the  various  treatment  in  the  issues  of  Narco  News  at 
www.narconews.com/  (accessed  November  2008);  and  many  others. 

13.  Information  in  this  section  has  been  drawn  from  including  analyses  and  assess¬ 
ments  prepared  and  presented  by  a  law  enforcement  officer  (names  withheld 
here)  operating  under  the  overall  auspices  of  the  West  Texas  High  Intensity  Drug 
Trafficking  Area  (HIDTA). 

14.  National  Drug  Intelligence  Center,  “Bandidos,”  Drug  and  Crime  Outlaw 
Motorcycle  Gang  Profile,  U.S.  Department  of  Justice,  October  2002,  Product  No. 
2002-M0148-001,  available  at  http://cryptome.org/gangs/bandidos.pdf  (accessed 
November  2008). 

“The  Bandidos,”  Connecticut  Gang  Investigative  Association,  undated  circa  early 
2000s,  available  at  www.segag.org/mcgangs/bandido.html  (accessed  November 
2008). 

Other  outlaw  motorcycle  gangs  purportedly  have  analogous  enforcement/coer- 
cion  components  to  include  Hell’s  Angels  “Filthy  Few,”  the  Outlaws’  “SS,”  the 
Pagans’  Black  T-Shirt  Squad”  according  to  Information  from  the  Southeastern 
Connecticut  Gang  Activities  Group  posted  under  “Motorcycle  Gangs”  at  http:// 
faculty.missouristate.edu/rn/MichaelCarlie/Storage/motorcycle_gangs.htm 
(accessed  November  2008). 

15.  Carlos  Revillo  Arango,  “Insurgent  Counterintelligence,”  Studies  in  Intelligence, 
vol.  12,  no.  1,  Winter  1968,  pp.  39-40.  A  companion  piece  by  Arango, 
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